Links

• CSP / Content Security Policy
• CORS / Cross Origin Resource Sharing
• XSS Filter Evasion Cheat Sheet
• html5sec.org: HTML5 Security Cheatsheet
• sla.ckers.org: Tricks for getting a reference to window
• ADsafe – making JS safe for advertising
• Origin header proposal
• Clickjacking
  • ha.ckers.org:Clickjacking
  • Example – http://myweb.wit.edu/duffj2/Homework/clickjack.html
• CSRF / XSRF
  • The Cross-Site Request Forgery (CSRF/XSRF) FAQ
• wikipedia: Same origin policy

X-Frame-Options header

• mozilla.org: X-Frame-Options
• The Clickjacking attack, X-Frame-Options