浅析XSS(Cross Site Script)漏洞原理
http://publish.it168.com/2007/0704/20070704004201.shtml
http://www4.it168.com/jtzt/shenlan/safe/xss/
XSS测试语句大全
http://hackbase.com/tech/2007-11-20/1030353818/
XSS跨站脚本攻击:简述
http://hi.baidu.com/sneidar/blog/item/1e724903b03df58dd53f7c69.html
http://www.cha88.cn/
Ratproxy -- Google 的 XSS 检测工具
http://www.dbanotes.net/security/ratproxy_google_xss.html
轻量级网页安全漏洞扫描工具-Wapiti
http://blog.csdn.net/Testing_is_believing/archive/2008/01/22/2060120.aspx
TamperIE - 一个小巧的XSS漏洞检测辅助工具
http://blog.csdn.net/testing_is_believing/archive/2008/01/21/2057718.aspx