Web Security

Security issues of HTTP headers:
http://devco.re/blog/2014/03/10/security-issues-of-http-headers-1/

Preventing CSRF attacks:
http://blog.jdriven.com/2014/10/stateless-spring-security-part-1-stateless-csrf-protection/

Adding x-auth-token to Spring Security:
http://blog.jdriven.com/2014/10/stateless-spring-security-part-2-stateless-authentication/

Vulnerability scanning software:
Burp Suite / N-Stalker / Nessus