# Notes
1. The Samy Worm “I’ll never get caught. I’m Popular.” – [http://namb.la/popular/](http://namb.la/popular/)
2. Cross-site Scripting (Web Security Threat Classification) – [http://www.webappsec.org/projects/threat/classes/cross-site_scripting.shtml](http://www.webappsec.org/projects/threat/classes/cross-site_scripting.shtml)
3. Teen uses worm to boost ratings on MySpace.com, Computerworld, October 17, 2005 – [http://www.computerworld.com/securitytopics/security/holes/story/0,10801,105484,00.html](http://www.computerworld.com/securitytopics/security/holes/story/0%2C10801%2C105484%2C00.html)
4. Do Online Banks Facilitate Fraud?, TheMotleyFool.com, December 8, 2004 – [http://www.fool.com/News/mft/2004/mft04120810.htm](http://www.fool.com/News/mft/2004/mft04120810.htm)
5. Phishing with Superbait, Silicon Valley Chapter (San Jose), April, 2005 – [http://www.whitehatsec.com/presentations/phishing_superbait.pdf](http://www.whitehatsec.com/presentations/phishing_superbait.pdf)
6. Content Restrictions – [http://www.gerv.net/security/content-restrictions/](http://www.gerv.net/security/content-restrictions/)
7. A phishing wolf in sheep’s clothing, ZDNet, March 14, 2005 – [http://news.zdnet.com/2100-1009_22-5616419.html](http://news.zdnet.com/2100-1009_22-5616419.html)
8. The Cross Site Scripting FAQ – [http://www.cgisecurity.com/articles/xss-faq.shtml](http://www.cgisecurity.com/articles/xss-faq.shtml)
9. XSS cheat sheet – [http://ha.ckers.org/xss.html](http://ha.ckers.org/xss.html)
10. Ajax: A New Approach to Web Applications, Jesse James Garrett, February 18, 2005 – [http://www.adaptivepath.com/publications/essays/archives/000385.php](http://www.adaptivepath.com/publications/essays/archives/000385.php)
11. XMLHttpRequest, XUL Planet – [http://www.xulplanet.com/references/objref/XMLHttpRequest.html](http://www.xulplanet.com/references/objref/XMLHttpRequest.html)
12. Cross-Site Scripting Worm Hits MySpace, BetaNews, October 13, 2005 – [http://www.betanews.com/article/CrossSite_Scripting_Worm_Hits_MySpace/1129232391](http://www.betanews.com/article/CrossSite_Scripting_Worm_Hits_MySpace/1129232391)
13. Samy’s cancelled MySpace profile – [http://www.myspace.com/33934660](http://www.myspace.com/33934660)
14. Technical explanation of the MySpace worm – [http://namb.la/popular/tech.html](http://namb.la/popular/tech.html)
15. CAIDA Analysis of Code-Red – [http://www.caida.org/analysis/security/code-red/](http://www.caida.org/analysis/security/code-red/)
16. Code-Red: a case study on the spread and victims of an Internet worm – [http://www.caida.org/outreach/papers/2002/codered/codered.pdf](http://www.caida.org/outreach/papers/2002/codered/codered.pdf)
17. SQL slammer (computer worm) – [http://en.wikipedia.org/wiki/SQLSlammer](http://en.wikipedia.org/wiki/SQLSlammer)
18. The Spread of the Sapphire/Slammer Worm – [http://www.cs.berkeley.edu/~nweaver/sapphire/](http://www.cs.berkeley.edu/%7Enweaver/sapphire/)
19. Slammed!, Wired, July 2003 – [http://www.wired.com/wired/archive/11.07/slammer.html](http://www.wired.com/wired/archive/11.07/slammer.html)
20. Viruses and Worms: What Can We Do About Them?, Testimony of Richard D. Pethia, September 10, 2003 – [http://www.cert.org/congressional_testimony/Pethia-Testimony-9-10-2003/](http://www.cert.org/congressional_testimony/Pethia-Testimony-9-10-2003/)
21. Yahoo Attack Exposes Web Weakness, BBC News, February 9, 2000 – [http://news.bbc.co.uk/1/hi/sci/tech/635444.stm](http://news.bbc.co.uk/1/hi/sci/tech/635444.stm)
22. Post to BugTraq by Elias Levy, February 11, 200 – [http://www.sdnp.undp.org/rc/forums/tech/sdnptech/msg02563.html](http://www.sdnp.undp.org/rc/forums/tech/sdnptech/msg02563.html)
23. Xanga Hit By Script Worm – [http://blogs.securiteam.com/index.php/archives/166](http://blogs.securiteam.com/index.php/archives/166)
24. Account Hijackings Force LiveJournal Changes – [http://blogs.washingtonpost.com/securityfix/2006/01/account_hijacki.html](http://blogs.washingtonpost.com/securityfix/2006/01/account_hijacki.html)
25. NoScript Firefox extension – [https://addons.mozilla.org/extensions/moreinfo.php?id=722&application=firefox](https://addons.mozilla.org/extensions/moreinfo.php?id=722&application=firefox)
26. Netcraft Toolbar – [http://toolbar.netcraft.com/](http://toolbar.netcraft.com/)
27. Security Corner: Cross-Site Request Forgeries, December, 2004 – [http://shiflett.org/articles/security-corner-dec2004](http://shiflett.org/articles/security-corner-dec2004)
28. The CAPTCHA Project, Telling Humans and Computers Apart – [http://www.captcha.net/](http://www.captcha.net/)
29. Mitigating Cross-site Scripting With HTTP-only Cookies – [http://msdn.microsoft.com/workshop/author/dhtml/httponly_cookies.asp](http://msdn.microsoft.com/workshop/author/dhtml/httponly_cookies.asp)
30. Web Security Threat Classification – [http://www.webappsec.org/projects/threat/](http://www.webappsec.org/projects/threat/)
31. Web Application Firewall Evaluation Criteria (WAFEC) – [http://www.webappsec.org/projects/wafec/](http://www.webappsec.org/projects/wafec/)