- JS Danger: OpenJS World Edition on YouTube
- CS 253 Web Security - YouTube Playlist
- CS 253 Course Website
- CSP
- Darknet Diaries on Samy
- Krebs on Security
- Clickjacking
- CSP Is Dead, Long Live CSP! On the Insecurity of Whitelists and the Future of Content Security Policy
- Reining in the Web with Content Security Policy
- Cross-Site Request Forgery Prevention Cheat Sheet
- Same-origin policy
- Cross-Site Request Forgery is dead!
- Incrementally Better Cookies
- SameSite cookies explained