Take Down in One Request: Web Application Vulnerabilities Leading to DoS.
Lie to Me: Bypassing Modern Web Application Firewalls
Data normalization weaknesses
Hack pra 05-12-blind-xxe
SSRF attacks and sockets: smorgasbord of vulnerabilities
XXE advanced exploitation
WEB SHELL EVOLUTION & CODE EXECUTION ATTACKS IN WEB APPLICATION
Defcon Russia 7 d0znpp
OpenSSL rands (fork-safe)
ONsec PHDays 2012 XXE incapsulated report
DCG7812 cryptography in webapps 21/08/12
Chaos Constructions 2010 SDRF presentation [ONSEC]
Caro2012 attack large-modern_web_applications
Smuggling splitting poisoning. ZeroNights. ONsec
Distributed computing in browsers as client side attack
Mosaique by Arthur Gerkis @ax330d
Web Application Security: Basics. Client-Side Vulnerabilities. ONsec.MEPhI.180212
Nikita Tarakanov. MS11-087. MEPhI 18/02/2012
SSRF workshop
Yandex rewards. ONsec experience