Another very old article on web app security, from the waning days of the dot-boom when most people were still happily being paid to crank out XSS-vulnerable applications.

(Aside: note how people in 2000 already thought of 1995 as the ancient days of the web.)