CSURFACE
THREAT SENSOR
Home
Analytics
News
About
Tools
Constellation
Libraries
CWE
CAPEC
MITRE ATT&CK
MITRE D3FEND
OWASP Top 10
Ransomware Groups
References
Support
EN
|
PT
References
Bibliographic references cited across the CWE and CAPEC catalogs
All
CWE
CAPEC
REF-497
CWE
XML External Entity Attacks (XXE)
Sascha Herzog · 2010
1 citation(s)
REF-498
CWE
XXE (Xml eXternal Entity) Attack
Gregory Steuck
1 citation(s)
REF-499
CWE
XML External Entities (XXE) Attack
WASC
1 citation(s)
REF-500
CWE
XML Denial of Service Attacks and Defenses
Bryan Sullivan · 2009
2 citation(s)
REF-501
CWE
Preventing XXE in PHP
Chris Cornutt
1 citation(s)
REF-502
CWE
A Study in Scarlet - section 5, "File Upload"
Shaun Clowes
1 citation(s)
REF-503
CWE
Developing Secure ActiveX Controls
Microsoft · 2005
3 citation(s)
REF-505
CWE
The Oracle Hacker's Handbook
David Litchfield
1 citation(s)
REF-506
CWE
Cursor Injection
David Litchfield
1 citation(s)
REF-510
CWE
How to stop an ActiveX control from running in Internet Explorer
Microsoft
2 citation(s)
REF-514
CWE
Perl CGI problems
Rain Forest Puppy · 1999
2 citation(s)
REF-515
CWE
0x00 vs ASP file upload scripts
Brett Moore
1 citation(s)
REF-516
CWE
ShAnKaR: multiple PHP application poison NULL byte vulnerability
ShAnKaR
2 citation(s)
REF-517
CWE
Dynamic Evaluation Vulnerabilities in PHP applications
Steve Christey · 2006
1 citation(s)
REF-518
CWE
A Study In Scarlet: Exploiting Common Vulnerabilities in PHP Applications
Shaun Clowes
1 citation(s)
REF-522
CWE
Failing Securely
Sean Barnum, Michael Gegick · 2005
1 citation(s)
REF-524
CWE
Economy of Mechanism
Sean Barnum, Michael Gegick · 2005
1 citation(s)
REF-526
CWE
Complete Mediation
Sean Barnum, Michael Gegick · 2005
1 citation(s)
REF-528
CWE
Top 10 2007-Insecure Direct Object Reference
OWASP · 2007
1 citation(s)
REF-529
CWE
HMAC
· 2011
2 citation(s)
REF-531
CWE
XPath Injection
Web Application Security Consortium
1 citation(s)
REF-535
CWE
Separation of Privilege
Sean Barnum, Michael Gegick · 2005
2 citation(s)
REF-539
CWE
Psychological Acceptability
Sean Barnum, Michael Gegick · 2005
1 citation(s)
REF-540
CWE
Usability of Security: A Case Study
J. D. Tygar, Alma Whitten · 1998
1 citation(s)
REF-542
CWE
RFC: 793, TRANSMISSION CONTROL PROTOCOL
Jon Postel, Editor · 1981
2 citation(s)
REF-544
CWE
Never Assuming that Your Secrets Are Safe
Sean Barnum, Michael Gegick · 2005
1 citation(s)
REF-546
CWE
Design Principles
Sean Barnum, Michael Gegick · 2005
1 citation(s)
REF-547
CWE
Java Concurrency API
SUN
1 citation(s)
REF-548
CWE
Use reentrant functions for safer signal handling
Dipak Jha, Software Engineer, IBM
1 citation(s)
REF-554
CWE
Security Development Lifecycle (SDL) Banned Function Calls
Michael Howard · 2011
3 citation(s)
REF-562
CWE
Windows NTFS Alternate Data Streams
Don Parker · 2005
1 citation(s)
REF-565
CWE
Fear the EAR: Discovering and Mitigating Execution After Redirect Vulnerabilities
Adam Doupé, Bryce Boe, Christopher Kruegel, Giovanni Vigna
1 citation(s)
REF-567
CWE
A Taxonomy of Security Faults in the UNIX Operating System
Taimur Aslam · 1995
1 citation(s)
REF-568
CWE
Use of A Taxonomy of Security Faults
Taimur Aslam, Ivan Krsul, Eugene H. Spafford · 1995
2 citation(s)
REF-570
CWE
Top 10 2004
· 2004
REF-571
CWE
About the PCI Data Security Standard (PCI DSS)
PCI Security Standards Council
REF-572
CWE
Top 10 2007-Cross Site Scripting
OWASP · 2007
REF-574
CWE
Top 10 2007-Cross Site Request Forgery
OWASP · 2007
REF-575
CWE
Top 10 2007-Information Leakage and Improper Error Handling
OWASP · 2007
REF-577
CWE
Top 10 2007-Insecure Cryptographic Storage
OWASP · 2007
REF-578
CWE
NetSec Security Advisory: Multiple Vulnerabilities Resulting From Use Of Apple OSX HFS+
NetSec · 2005
1 citation(s)
REF-580
CWE
Top 10 2007-Failure to Restrict URL Access
OWASP · 2007
REF-581
CWE
A1 Unvalidated Input
OWASP · 2004
REF-582
CWE
A2 Broken Access Control
OWASP · 2004
REF-583
CWE
A3 Broken Authentication and Session Management
OWASP · 2004
REF-584
CWE
A4 Cross-Site Scripting (XSS) Flaws
OWASP · 2004
REF-585
CWE
A5 Buffer Overflows
OWASP · 2004
REF-586
CWE
A6 Injection Flaws
OWASP · 2004
REF-587
CWE
A7 Improper Error Handling
OWASP · 2004
REF-588
CWE
A8 Insecure Storage
OWASP · 2004
«
14 / 30
»