References

Bibliographic references cited across the CWE and CAPEC catalogs

All CWE CAPEC
REF-1258 CWE
Random early detection
Wikipedia
REF-1259 CWE
Transport Layer Security
Wikipedia
REF-1260 CWE
The Great DNS Vulnerability of 2008 by Dan Kaminsky
Thu T. Pham · 2016
REF-1261 CWE
A Software Flaw Taxonomy: Aiming Tools At Security
Sam Weber, Paul A. Karger, Amit Paradkar · 2005
REF-1262 CWE
Follow the Link: Exploiting Symbolic Links with Ease
Eran Shimony · 2019
1 citation(s)
REF-1263 CWE
A Link to the Past - Abusing Symbolic Links on Windows
James Forshaw
REF-1264 CWE
Windows 10^H^H Symbolic Link Mitigations
James Forshaw · 2015
1 citation(s)
REF-1265 CWE
Symbolic testing tools
1 citation(s)
REF-1266 CWE
Understanding and Exploiting Symbolic links in Windows - Symlink Attack EOP
Shubham Dubey · 2020
1 citation(s)
REF-1267 CWE
Abusing Arbitrary File Deletes to Escalate Privilege and Other Great Tricks
Simon Zuckerbraun · 2022
1 citation(s)
REF-1268 CWE
2022 CWE Top 25 Most Dangerous Software Weaknesses
· 2022
REF-1271 CWE
Abusing privileged file operations
Clément Lavoillotte · 2019
1 citation(s)
REF-1272 CWE
HTTP Request Splitting
Robert Auger · 2011
1 citation(s)
REF-1273 CWE
HTTP Response Smuggling
Robert Auger · 2011
1 citation(s)
REF-1274 CWE
HTTP Request Smuggling: Complete Guide to Attack Types and Prevention
Dzevad Alibegovic · 2021
1 citation(s)
REF-1275 CWE
A Pentester's Guide to HTTP Request Smuggling
Busra Demir · 2020
1 citation(s)
REF-1276 CWE
HTTP Desync Attacks in the Wild and How to Defend Against Them
Edi Kogan, Daniel Kerman · 2019
1 citation(s)
REF-1277 CWE
HTTP Desync Attacks: Request Smuggling Reborn
James Kettle · 2019
1 citation(s)
REF-1278 CWE
HTTP request smuggling
PortSwigger
1 citation(s)
REF-1279 CWE
Neutralizing Your Inputs: A Log4Shell Weakness Story
CWE/CAPEC
1 citation(s)
REF-1280 CWE
Expression Language Injection
OWASP
1 citation(s)
REF-1281 CWE
The sinking of the Sleipner A offshore platform
Douglas N. Arnold
REF-1282 CWE
Zip Slip Vulnerability
Snyk · 2018
2 citation(s)
REF-1283 CWE
OT:ICEFALL: The legacy of "insecure by design" and its implications for certifications and risk management
Forescout Vedere Labs · 2022
20 citation(s)
REF-1284 CWE
Universal "netmask" npm package, used by 270,000+ projects, vulnerable to octal input data
Sick Codes · 2021
1 citation(s)
REF-1285 CWE
Physical Security Attacks Against Silicon Devices
Texas Instruments · 2022
4 citation(s)
REF-1286 CWE
On The Susceptibility of Texas Instruments SimpleLink Platform Microcontrollers to Non-Invasive Physical Attacks
Lennert Wouters, Benedikt Gierlichs, Bart Preneel · 2022
4 citation(s)
REF-1287 CWE
Supplemental Details - 2022 CWE Top 25
MITRE · 2022
7 citation(s)
REF-1288 CWE
Ethical hacking of a Smart Automatic Feed Dispenser
Julia Lokrantz · 2021
2 citation(s)
REF-1289 CWE
Time for Password Expiration to Die
Lance Spitzner · 2021
2 citation(s)
REF-1290 CWE
Time to rethink mandatory password changes
Lorrie Cranor · 2016
2 citation(s)
REF-1291 CWE
Security Myths and Passwords
Eugene Spafford · 2006
2 citation(s)
REF-1292 CWE
Password administration for system owners
National Cyber Security Centre · 2018
2 citation(s)
REF-1293 CWE
Digital Identity Guidelines: Authentication and Lifecycle Management(SP 800-63B)
NIST · 2017
2 citation(s)
REF-1294 CWE
Let them paste passwords
National Cyber Security Centre · 2017
2 citation(s)
REF-1295 CWE
Over 80 US Municipalities' Sensitive Information, Including Resident's Personal Data, Left Vulnerable in Massive Data Breach
WizCase · 2021
2 citation(s)
REF-1296 CWE
1,000 GB of local government data exposed by Massachusetts software company
Jonathan Greig · 2021
2 citation(s)
REF-1297 CWE
AWS Foundational Security Best Practices controls
Amazon · 2022
2 citation(s)
REF-1298 CWE
Authentication and authorization in Azure App Service and Azure Functions
Microsoft · 2021
1 citation(s)
REF-1299 CWE
Azure encryption overview
Microsoft · 2022
1 citation(s)
1300 CWE
The Developer's Guide to Azure
Microsoft · 2021
REF-1301 CWE
Default encryption at rest
Google Cloud · 2022
1 citation(s)
REF-1302 CWE
Authentication and authorization use cases
Google Cloud · 2022
1 citation(s)
REF-1303 CWE
Researchers Out Default Passwords Packaged With ICS/SCADA Wares
Kelly Jackson Higgins · 2016
2 citation(s)
REF-1304 CWE
ICS Alert (ICS-ALERT-13-164-01): Medical Devices Hard-Coded Passwords
ICS-CERT · 2013
3 citation(s)
REF-1305 CWE
Discussion Thread: Time to retire CWE-262 and CWE-263
Kurt Seifried and other members of the CWE-Research mailing list · 2021
2 citation(s)
REF-1306 CWE
Remediate anonymous public read access to blob data (Azure Resource Manager deployments)
Microsoft · 2022
REF-1307 CWE
CIS Microsoft Azure Foundations Benchmark version 1.5.0
Center for Internet Security · 2022
5 citation(s)
REF-1308 CWE
Enable and manage Azure Storage Analytics logs (classic)
Microsoft · 2023
1 citation(s)
REF-1309 CWE
Require secure transfer to ensure secure connections
Microsoft · 2022
1 citation(s)
« 25 / 30 »