AJAX cross site scripting issue - http://getahead.org/blog/joe/2007/03/05/json_is_not_as_safe_as_people_think_it_is.html Explain XSS - http://www.codinghorror.com/blog/archives/001175.html So easy to hack in wifi - http://www.codinghorror.com/blog/2010/11/breaking-the-webs-cookie-jar.html Top 10 web application security issues - http://keyholesoftware.com/2013/11/11/top-application-security-risks-owasp/ We should show less system level detail at error page - http://www.ibm.com/developerworks/java/library/se-banner/index.html?ca=drs- Story of getting hack with php server - http://www.bigmessowires.com/2015/07/13/web-site-hacked/ Basic - http://martinfowler.com/articles/web-security-basics.html How ransomware work - https://consolia-comic.com/comics/ransomware https://hackernoon.com/how-do-you-authenticate-mate-f2b70904cc3a https://hacks.mozilla.org/2018/05/a-cartoon-intro-to-dns-over-https/ Vimattack: How to get someone's database credentials while they are editing config files on a live server - https://webdevetc.com/blog/how-to-get-someones-database-credentials-while-they-are-editing-config-files-on-a-live-server