References

Bibliographic references cited across the CWE and CAPEC catalogs

All CWE CAPEC
REF-497 CWE
XML External Entity Attacks (XXE)
Sascha Herzog · 2010
1 citation(s)
REF-498 CWE
XXE (Xml eXternal Entity) Attack
Gregory Steuck
1 citation(s)
REF-499 CWE
XML External Entities (XXE) Attack
WASC
1 citation(s)
REF-500 CWE
XML Denial of Service Attacks and Defenses
Bryan Sullivan · 2009
2 citation(s)
REF-501 CWE
Preventing XXE in PHP
Chris Cornutt
1 citation(s)
REF-502 CWE
A Study in Scarlet - section 5, "File Upload"
Shaun Clowes
1 citation(s)
REF-503 CWE
Developing Secure ActiveX Controls
Microsoft · 2005
3 citation(s)
REF-505 CWE
The Oracle Hacker's Handbook
David Litchfield
1 citation(s)
REF-506 CWE
Cursor Injection
David Litchfield
1 citation(s)
REF-510 CWE
How to stop an ActiveX control from running in Internet Explorer
Microsoft
2 citation(s)
REF-514 CWE
Perl CGI problems
Rain Forest Puppy · 1999
2 citation(s)
REF-515 CWE
0x00 vs ASP file upload scripts
Brett Moore
1 citation(s)
REF-516 CWE
ShAnKaR: multiple PHP application poison NULL byte vulnerability
ShAnKaR
2 citation(s)
REF-517 CWE
Dynamic Evaluation Vulnerabilities in PHP applications
Steve Christey · 2006
1 citation(s)
REF-518 CWE
A Study In Scarlet: Exploiting Common Vulnerabilities in PHP Applications
Shaun Clowes
1 citation(s)
REF-522 CWE
Failing Securely
Sean Barnum, Michael Gegick · 2005
1 citation(s)
REF-524 CWE
Economy of Mechanism
Sean Barnum, Michael Gegick · 2005
1 citation(s)
REF-526 CWE
Complete Mediation
Sean Barnum, Michael Gegick · 2005
1 citation(s)
REF-528 CWE
Top 10 2007-Insecure Direct Object Reference
OWASP · 2007
1 citation(s)
REF-529 CWE
HMAC
· 2011
2 citation(s)
REF-531 CWE
XPath Injection
Web Application Security Consortium
1 citation(s)
REF-535 CWE
Separation of Privilege
Sean Barnum, Michael Gegick · 2005
2 citation(s)
REF-539 CWE
Psychological Acceptability
Sean Barnum, Michael Gegick · 2005
1 citation(s)
REF-540 CWE
Usability of Security: A Case Study
J. D. Tygar, Alma Whitten · 1998
1 citation(s)
REF-542 CWE
RFC: 793, TRANSMISSION CONTROL PROTOCOL
Jon Postel, Editor · 1981
2 citation(s)
REF-544 CWE
Never Assuming that Your Secrets Are Safe
Sean Barnum, Michael Gegick · 2005
1 citation(s)
REF-546 CWE
Design Principles
Sean Barnum, Michael Gegick · 2005
1 citation(s)
REF-547 CWE
Java Concurrency API
SUN
1 citation(s)
REF-548 CWE
Use reentrant functions for safer signal handling
Dipak Jha, Software Engineer, IBM
1 citation(s)
REF-554 CWE
Security Development Lifecycle (SDL) Banned Function Calls
Michael Howard · 2011
3 citation(s)
REF-562 CWE
Windows NTFS Alternate Data Streams
Don Parker · 2005
1 citation(s)
REF-565 CWE
Fear the EAR: Discovering and Mitigating Execution After Redirect Vulnerabilities
Adam Doupé, Bryce Boe, Christopher Kruegel, Giovanni Vigna
1 citation(s)
REF-567 CWE
A Taxonomy of Security Faults in the UNIX Operating System
Taimur Aslam · 1995
1 citation(s)
REF-568 CWE
Use of A Taxonomy of Security Faults
Taimur Aslam, Ivan Krsul, Eugene H. Spafford · 1995
2 citation(s)
REF-570 CWE
Top 10 2004
· 2004
REF-571 CWE
About the PCI Data Security Standard (PCI DSS)
PCI Security Standards Council
REF-572 CWE
Top 10 2007-Cross Site Scripting
OWASP · 2007
REF-574 CWE
Top 10 2007-Cross Site Request Forgery
OWASP · 2007
REF-575 CWE
Top 10 2007-Information Leakage and Improper Error Handling
OWASP · 2007
REF-577 CWE
Top 10 2007-Insecure Cryptographic Storage
OWASP · 2007
REF-578 CWE
NetSec Security Advisory: Multiple Vulnerabilities Resulting From Use Of Apple OSX HFS+
NetSec · 2005
1 citation(s)
REF-580 CWE
Top 10 2007-Failure to Restrict URL Access
OWASP · 2007
REF-581 CWE
A1 Unvalidated Input
OWASP · 2004
REF-582 CWE
A2 Broken Access Control
OWASP · 2004
REF-583 CWE
A3 Broken Authentication and Session Management
OWASP · 2004
REF-584 CWE
A4 Cross-Site Scripting (XSS) Flaws
OWASP · 2004
REF-585 CWE
A5 Buffer Overflows
OWASP · 2004
REF-586 CWE
A6 Injection Flaws
OWASP · 2004
REF-587 CWE
A7 Improper Error Handling
OWASP · 2004
REF-588 CWE
A8 Insecure Storage
OWASP · 2004
« 14 / 30 »