[3.1.x] Fixed #31696 -- Updated OWASP links in docs.

Backport of a16080810b from master

docs/ref/class-based-views/mixins-single-object.txt

@@ -66,7 +66,7 @@ Single object mixins
         non-sequential arguments. Using a unique slug may serve the same
         purpose, but this scheme allows you to have non-unique slugs.
 
-        .. _insecure direct object reference: https://www.owasp.org/index.php/Top_10_2013-A4-Insecure_Direct_Object_References
+        .. _insecure direct object reference: https://wiki.owasp.org/index.php/Top_10_2013-A4-Insecure_Direct_Object_References
 
     .. method:: get_object(queryset=None)
 

docs/ref/request-response.txt

@@ -872,7 +872,7 @@ Methods
       Use ``samesite='None'`` (string) to explicitly state that this cookie is
       sent with all same-site and cross-site requests.
 
-    .. _HttpOnly: https://www.owasp.org/index.php/HttpOnly
+    .. _HttpOnly: https://owasp.org/www-community/HttpOnly
     .. _SameSite: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
 
     .. versionchanged:: 3.1

docs/ref/settings.txt

@@ -3179,7 +3179,7 @@ vulnerability into full hijacking of a user's session. There aren't many good
 reasons for turning this off. Your code shouldn't read session cookies from
 JavaScript.
 
-.. _HttpOnly: https://www.owasp.org/index.php/HttpOnly
+.. _HttpOnly: https://owasp.org/www-community/HttpOnly
 
 .. setting:: SESSION_COOKIE_NAME