Web application security - the early days

In 2002 I wrote some papers about web application security:


Cross Site Scripting Explained, May 2002

A tutorial, rather than a research paper. Gained a lot of popularity since this was one of the first XSS tutorials.


Hacking Web Applications Using Cookie Poisoning, April 2002

Note that this paper describes how to predict the session token for ColdFusion ("Example 1" - CFTOKEN and CFID) and Apache JServ ("Example 2") back at that time.