diff --git a/rules/S4502/see.adoc b/rules/S4502/see.adoc
index 93793bdc7c7..082c5599c62 100644
--- a/rules/S4502/see.adoc
+++ b/rules/S4502/see.adoc
@@ -3,6 +3,7 @@
 * OWASP - https://owasp.org/Top10/A01_2021-Broken_Access_Control/[Top 10 2021 Category A1 - Broken Access Control]
 * CWE - https://cwe.mitre.org/data/definitions/352[CWE-352 - Cross-Site Request Forgery (CSRF)]
 * OWASP - https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[Top 10 2017 Category A6 - Security Misconfiguration]
-* https://owasp.org/www-community/attacks/csrf[OWASP: Cross-Site Request Forgery]
+* OWASP - https://owasp.org/www-community/attacks/csrf[Cross-Site Request Forgery]
 * STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222603[Application Security and Development: V-222603] - The application must protect from Cross-Site Request Forgery (CSRF) vulnerabilities.
+* PortSwigger - https://portswigger.net/research/web-storage-the-lesser-evil-for-session-tokens[Web storage: the lesser evil for session tokens]
 
diff --git a/rules/S5131/common/resources/articles.adoc b/rules/S5131/common/resources/articles.adoc
index 45c37acca1d..fc6532e1632 100644
--- a/rules/S5131/common/resources/articles.adoc
+++ b/rules/S5131/common/resources/articles.adoc
@@ -1,5 +1,6 @@
 === Articles & blog posts
 
-* https://blog.sonarsource.com/wordpress-stored-xss-vulnerability[SonarSource, WordPress 5.8.2 Stored XSS Vulnerability]
-* https://blog.sonarsource.com/ghost-admin-takeover[SonarSource, Ghost CMS 4.3.2 - Cross-Origin Admin Takeover]
-* https://samy.pl/myspace/[Samy Kamkar, The MySpace Worm]
+* SonarSource - https://blog.sonarsource.com/wordpress-stored-xss-vulnerability[WordPress 5.8.2 Stored XSS Vulnerability]
+* SonarSource - https://blog.sonarsource.com/ghost-admin-takeover[Ghost CMS 4.3.2 - Cross-Origin Admin Takeover]
+* Samy Kamkar - https://samy.pl/myspace/[The MySpace Worm]
+* James Kettle, PortSwigger - https://portswigger.net/research/web-storage-the-lesser-evil-for-session-tokens[Web Storage: The Lesser Evil for Session Tokens]