1) The first is out of the Stanford security lab: "Protecting Browsers from DNS Rebinding Attacks" by Collin Jackson, Adam Barth, Andrew Bortz, Weidong Shao, and Dan Boneh. Everything you wanted to know about DNS Rebinding (formerly known as anti-DNS Pinning) and probably a lot you didn’t. My favorite part was the real-world experiment they performed using Flash 9 advertisements - very spooky, very easy and apparently highly effective stuff. And not to leave us wanting, the security lab guys also drafted a proposal for a long-term solution to DNS Rebinding attacks using Host Name Authorization (based upon Reverse DNS lookups).
2) The second paper is from SensePost: "It’s all about the timing…" by Haroon Meer and Marco Slaviero. Before they get to their real innovation, they provide up front a detailed history of how Web-based timing attacks work. This would have been a fantastic resource if only for that, and I’m going to have to go back and reread this a few more times and commit it to memory. The real gem though is their Cross Site Request Timing attack. Hopefully I’m describing it correctly: basically, this is a way to leverage victim web browsers to blindly perform brute force attacks (among others) on third-party websites. Like I said, I’m going to have to study this more, but I was thoroughly impressed by what I saw.