Remediation Statistics: What Does Fixing Application Vulnerabilities Cost?
Release the Hounds! A look inside Bugcrowd - Ruxmon 1 March 2013
The innerHTML Apocalypse
XSS Defense Past, Present and Future, by Eoin Keary and Jim Manico, March 2013, v3.
Why Johnny Can't Pentest: An Analysis of Black-box Web Vulnerability Scanners
Application security overview
ASP.NET security vulnerabilities
Appsec2013 presentation
Web Security - Introduction
25 Million Flows Later – Large-scale Detection of DOM-based XSS
Examining And Bypassing The IE8 XSS Filter
Leveraging User Interactions for In-Depth Testing of Web Applications, by Sean McAllister, Engin Kirda, and Christopher Kruegel, RAID ’08. Seoyeon Kang November.