Update links to OWASP cheat sheet

Author: Sauyon Lee

cpp/ql/src/Security/CWE/CWE-079/CgiXss.qhelp

@@ -34,7 +34,7 @@ characters before writing to the HTML page.</p>
 
 <li>
 OWASP:
-<a href="https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet">XSS
+<a href="https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html">XSS
 (Cross Site Scripting) Prevention Cheat Sheet</a>.
 </li>
 <li>

csharp/ql/src/Security Features/CWE-079/XSS.qhelp

@@ -29,7 +29,7 @@ leaving the website vulnerable to cross-site scripting.</p>
 
 <li>
 OWASP:
-<a href="https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet">XSS
+<a href="https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html">XSS
 (Cross Site Scripting) Prevention Cheat Sheet</a>.
 </li>
 <li>

csharp/ql/src/Security Features/CWE-090/LDAPInjection.qhelp

@@ -33,7 +33,7 @@ the query cannot be changed by a malicious user.</p>
 </example>
 
 <references>
-<li>OWASP: <a href="https://www.owasp.org/index.php?title=LDAP_Injection_Prevention_Cheat_Sheet">LDAP Injection Prevention Cheat Sheet</a>.</li>
+<li>OWASP: <a href="https://cheatsheetseries.owasp.org/cheatsheets/LDAP_Injection_Prevention_Cheat_Sheet.html">LDAP Injection Prevention Cheat Sheet</a>.</li>
 <li>OWASP: <a href="https://www.owasp.org/index.php/Preventing_LDAP_Injection_in_Java">Preventing LDAP Injection in Java</a>.</li>
 <li>AntiXSS doc: <a href="http://www.nudoq.org/#!/Packages/AntiXSS/AntiXssLibrary/Encoder/M/LdapFilterEncode">LdapFilterEncode</a>.</li>
 <li>AntiXSS doc: <a href="http://www.nudoq.org/#!/Packages/AntiXSS/AntiXssLibrary/Encoder/M/LdapDistinguishedNameEncode">LdapDistinguishedNameEncode</a>.</li>

csharp/ql/src/Security Features/CWE-451/MissingXFrameOptions.qhelp

@@ -51,7 +51,7 @@ This next example shows how to specify the <code>X-Frame-Options</code> header w
 
 <li>
 OWASP:
-<a href="https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet">Clickjacking Defense Cheat Sheet</a>.
+<a href="https://cheatsheetseries.owasp.org/cheatsheets/Clickjacking_Defense_Cheat_Sheet.html">Clickjacking Defense Cheat Sheet</a>.
 </li>
 <li>
 Mozilla:

csharp/ql/src/Security Features/CWE-601/UrlRedirect.qhelp

@@ -32,7 +32,7 @@ It also shows how to remedy the problem by validating the user input against a k
 
 <li>
 OWASP:
-<a href="https://www.owasp.org/index.php/Unvalidated_Redirects_and_Forwards_Cheat_Sheet">XSS
+<a href="https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html">XSS
 Unvalidated Redirects and Forwards Cheat Sheet</a>.
 </li>
 <li>

csharp/ql/src/Security Features/CWE-611/UseXmlSecureResolver.qhelp

@@ -38,7 +38,7 @@ The solution is to set the <code>DtdProcessing</code> property to <code>DtdProce
 
 <li>
 OWASP:
-<a href="https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Prevention_Cheat_Sheet">XML External Entity (XXE) Prevention Cheat Sheet</a>.
+<a href="https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html">XML External Entity (XXE) Prevention Cheat Sheet</a>.
 </li>
 <li>
 Microsoft Docs: <a href="https://msdn.microsoft.com/en-us/library/system.xml.xmlreadersettings(v=vs.110).aspx#Anchor_6">System.XML: Security considerations</a>.

java/ql/src/Security/CWE/CWE-079/XSS.qhelp

@@ -29,7 +29,7 @@ leaving the website vulnerable to cross-site scripting.</p>
 
 <li>
 OWASP:
-<a href="https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet">XSS
+<a href="https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html">XSS
 (Cross Site Scripting) Prevention Cheat Sheet</a>.
 </li>
 <li>

java/ql/src/Security/CWE/CWE-089/SqlTainted.qhelp

@@ -67,7 +67,7 @@ in the environment variable or user-supplied value are not given any special tre
 
 <li>
 OWASP:
-<a href="https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet">SQL
+<a href="https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html">SQL
 Injection Prevention Cheat Sheet</a>.
 </li>
 <li>The CERT Oracle Secure Coding Standard for Java:

java/ql/src/Security/CWE/CWE-089/SqlUnescaped.qhelp

@@ -39,7 +39,7 @@ treatment.</p>
 
 <li>
 OWASP:
-<a href="https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet">SQL
+<a href="https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html">SQL
 Injection Prevention Cheat Sheet</a>.
 </li>
 <li>The CERT Oracle Secure Coding Standard for Java:

java/ql/src/Security/CWE/CWE-319/HttpsUrls.qhelp

@@ -37,7 +37,7 @@ connection is a secure SSL connection.</p>
 Class HttpsURLConnection</a>.</li>
 <li>
 OWASP:
-<a href="https://www.owasp.org/index.php/Transport_Layer_Protection_Cheat_Sheet">Transport Layer Protection Cheat Sheet</a>.
+<a href="https://cheatsheetseries.owasp.org/cheatsheets/Transport_Layer_Protection_Cheat_Sheet.html">Transport Layer Protection Cheat Sheet</a>.
 </li>