diff --git a/content/notes/8-application-security-1.md b/content/notes/8-application-security-1.md
index 4fd1fb6aa..754800a20 100644
--- a/content/notes/8-application-security-1.md
+++ b/content/notes/8-application-security-1.md
@@ -4,6 +4,9 @@ aliases:
 tags: 
 - comp210
 - lecture
+sr-due: 2022-08-21
+sr-interval: 3
+sr-ease: 250
 ---
 
 application development security
@@ -149,4 +152,7 @@ Ideally the compiler or runtime should be able to detect these and throw an erro
 
 ## command injection
 
-## cross site scripting
\ No newline at end of file
+## cross site scripting
+second order attack - inject redirect as data will be displayed on other users webpages
+- session id is as good as username and passoword
+
diff --git a/content/notes/comp-210.md b/content/notes/comp-210.md
index e25598c0a..a251be99e 100644
--- a/content/notes/comp-210.md
+++ b/content/notes/comp-210.md
@@ -31,4 +31,5 @@ No final exam
 - [04-authentication-authorisation-passwords](notes/04-authentication-authorisation-passwords.md)
 - [05-cryptography](notes/05-cryptography.md)
 - [06-hashing-binary-public-key-cryptography](notes/06-hashing-binary-public-key-cryptography.md)
-- [07-cryptography-applications](notes/07-cryptography-applications.md)
\ No newline at end of file
+- [07-cryptography-applications](notes/07-cryptography-applications.md)
+- [8-application-security-1](notes/8-application-security-1.md)
\ No newline at end of file