http://blog.csdn.net/stpeace/article/details/53512283
Session fixation:
https://www.cnblogs.com/davidwang456/p/3593578.html
http://www.gooseeker.com/cn/node/knowledgebase/whatissessionfixation
HTTP Strict Transport Security(HSTS):
HTTPS
XSS:
https://www.cnblogs.com/suwings/p/6285340.html
https://www.cnblogs.com/digdeep/p/4695348.html
原文:http://blog.51cto.com/xinzhilian/2089520