1. I'd like to roll "code injection" into Samy Worm (or vice versa) and mention XSS, SQLi, and pathname attacks. 2. Edit the section on Buffer Overflows 3. Add an example about input validation (not just with code injection)