Hi I noticed that very recently, the whitepapers section of www.sanctuminc.com was removed (possibly as part of phasing out the www.sanctuminc.com website). So here are few links to mirrored resources (there are many more mirrors; those listed below seem most stable): *** long links may be word wrapped *** "Blind XPath Injection" Amit Klein, May 2004 http://www.packetstormsecurity.com/papers/bypass/Blind_XPath_Injection _20040518.pdf "Divide and Conquer - HTTP Response Splitting, Web Cache Poisoning Attacks, and Other Topics" Amit Klein, March 2004 http://www.packetstormsecurity.org/papers/general/whitepaper_httprespo nse.pdf [Watchfire has its own "Watchfire branded" version on its website, registration required] "Secure Coding Practices for Microsoft ASP.NET" Amit Klein, July 2003 http://www.cgisecurity.com/lib/WhitePaper_Secure_Coding_Practices_VSdo tNET.pdf "Developing Secure Web Applications Just Got Easier" Amit Klein, March 2003 http://www.zone-h.org/files/34/devsecureappsjustgoteasier.pdf "Developing Secure Web Applications" Izhar Bar-Gad and Amit Klein, June 2002 http://www.cgisecurity.com/lib/WhitePaper_DevelopingSecureWebApps.pdf [Watchfire has its own "Watchfire branded" version on its website, registration required] "Cross Site Scripting Explained" Amit Klein, May 2002 http://crypto.stanford.edu/cs155/CSS.pdf "Hacking Web Applications Using Cookie Poisoning" Amit Klein, April 2002 http://www.cgisecurity.com/lib/CookiePoisoningByline.pdf "Hacker Repellent: Deterring Hackers On a Shoestring Budget" Amit Klein, April 2002 http://www.secinf.net/uplarticle/1/Hack_Repellent.pdf Enjoy, -Amit
