Thursday 25 October 2012

[1] 4th language in the TPCI, March 2007 http://www.tiobe.com/tpci.htm
[2] Acunetix Web Vulnerability Scanner, http://www.acunetix.com/
[3] Ajax Technologies, http://adaptivepath.com/publications/essays/archives/000385.php
[4] Ajax Worms, http://www.whitehatsec.com/downloads/WHXSSThreats.pdf
[5] Sean Barnum, Amit Sethi, Attack Pattern Glossary, in Build Security In, https://buildsecurityin.us-cert.gov/daisy/bsi/articles/knowledge/attack/590.pdf
[6] Cenzic Hailstorm http://www.cenzic.com/products_services/cenzic_hailstorm.php
[7] Chinotec Technology Company, Paros for Web Application Security Assessment, http://parosproxy.org/index.shtml
[8] Steve Christey, “Vulnerability Type Distributions in CVE,” http://cwe.mitre.org/documents/vuln-trends.html, Oct. 2006
[9] Common Attack Pattern Enumeration and Classification (CAPEC), http://capec.mitre.org/
[10] E. Fong and V. Okun, “Web Application Scanners: Definitions and Functions,” in Proceedings of HICSS-40 Conference, Jan 3-6, 2007, Hawaii, USA.
[11] Jeremiah Grossman, The Five Myths of Web Application Security, WhiteHat Security, Inc, 2005.
[12] Shanit Gupta, Foundstone Hacme Bank v. 2.0 Software Security Training Application, April 2006, http://www.foundstone.com/resources/whitepapers/hacmebank_userguide2.pdf
[13] Robert Hansen, Cross Site Scripting Cheat Sheet, http://ha.ckers.org/xss.html
[14] G. McGraw, “Software Security: Building Security In”, Addison-Wesley Software Security Series, 2006
[15] National Vulnerability Database (NVD), http://nvd.nist.gov/
[16] National Institute of Standards and Technology (NIST), “Engineering Principles for Information Technology Security (A Baseline for Achieving Security)”, NIST SP 800-27, Revision A, June 2004, http://csrc.nist.gov/publications/nistpubs/
[17] OWASP, Top Ten Project, http://www.owasp.org/index.php/OWASP_Top_Ten_Project
[18] OWASP, Pantera Web Assessment Studio Project, http://www.owasp.org/index.php/Category:OWASP_Pantera_Web_Assessment_Studio_Project
[19] OWASP, Site Generator Project, http://www.owasp.org/index.php/Owasp_SiteGenerator
[20] OWASP, WebGoat Project, http://www.owasp.org/software/webgoat.html.
[21] John Pescatore, Gartner, quoted in Computerworld, Feb 25, 2005. http://www.computerworld.com/printhis/2005/0,4814,99981,00.html
[22] SAMATE Reference Dataset, http://samate.nist.gov/SRD/
[23] SAMATE project Web Application Scanners, http://samate.nist.gov/index.php/Web_Application_Vulnerability_Scanners
[24] SpiDynamics, WebInspect http://www.spidynamics.com/products/webinspect/index.html
[25] Web Application Security Consortium, WASC, “Threat Classification,” http://www.webappsec.org/projects/threat/
[26] Watchfire, AppScan, http://www.watchfire.com/products/appscan/default.aspx
