The WWW Security FAQ - Includes securing your server, protecting confidential documents on your site, safe CGI programming, client security, and privacy. Are Secure Internet Transactions Really Secure? - This paper describes how many small business claim to be offering a secure order form, when in fact, they really are not. The paper shows how the insecurity occurs, and offers a few solutions to the problem. Cgisecurity.com - This site is designed to help user to learn about what kinds of security risks exist and how to prevent them from happening. Web Security: A Matter of Trust - Collection of original articles. W3C Security Resources - Provides an overview of web security and links to security initiatives such as PICS Signed Labels, and XML-DSig. World Wide Web (in)Security - Demonstrations of security risks and advice for safe use of a web browser. The Open Web Application Security Project - How to build, design and test the security of web applications and web services. Web Spoofing - Full text of a paper discussing an 'attack' that threatens both privacy and data integrity. Written by Edward W. Felten, Dirk Balfanz, Drew Dean, and Dan S. Wallach. Available in various formats including PDF and Postscript. Hacking Exposed: Web Applications - Book that covers how to hack web applications, and how to secure against the attacks detailed. Author profiles, links to tools referenced in the book and reviews. Client Side Trojan - By clicking on maliciously formed HTML tags users can unknowingly perform undesirable actions.