Hacking Web Apps: Detecting and Preventing Web Application Security Problems (2012)
Chapter 2. HTML Injection & Cross-Site Scripting (XSS)
Chapter 3. Cross-Site Request Forgery (CSRF)
Chapter 4. SQL Injection & Data Store Manipulation
Chapter 5. Breaking Authentication Schemes
Chapter 6. Abusing Design Deficiencies
Chapter 7. Leveraging Platform Weaknesses
Chapter 8. Browser & Privacy Attacks