References

Bibliographic references cited across the CWE and CAPEC catalogs

All CWE CAPEC
REF-244 CWE
Computer Security: Art and Science
M. Bishop · 2003
2 citation(s)
REF-245 CWE
The Most Dangerous Code in the World: Validating SSL Certificates in Non-Browser Software
Martin Georgiev, Subodh Iyengar, Suman Jana, Rishita Anubhai, Dan Boneh, Vitaly Shmatikov · 2012
2 citation(s)
REF-249 CWE
Secure programming with the OpenSSL API, Part 2: Secure handshake
Kenneth Ballard · 2005
1 citation(s)
REF-250 CWE
An Introduction to OpenSSL Programming (Part I)
Eric Rescorla · 2001
1 citation(s)
REF-257 CWE
Top 25 Series - Rank 19 - Missing Authentication for Critical Function
Frank Kim · 2010
1 citation(s)
REF-265 CWE
Top 25 Series - Rank 10 - Missing Encryption of Sensitive Data
Frank Kim · 2010
1 citation(s)
REF-267 CWE
FIPS PUB 140-2: SECURITY REQUIREMENTS FOR CRYPTOGRAPHIC MODULES
Information Technology Laboratory, National Institute of Standards and Technology · 2001
15 citation(s)
REF-271 CWE
Top 10 2007-Insecure Communications
OWASP · 2007
1 citation(s)
REF-280 CWE
Applied Cryptography
Bruce Schneier · 1996
1 citation(s)
REF-281 CWE
Handbook of Applied Cryptography
Alfred J. Menezes, Paul C. van Oorschot, Scott A. Vanstone · 1996
1 citation(s)
REF-282 CWE
Avoiding bogus encryption products: Snake Oil FAQ
C Matthew Curtin · 1998
1 citation(s)
REF-284 CWE
Microsoft Scraps Old Encryption in New Code
Paul F. Roberts · 2005
1 citation(s)
REF-287 CWE
Top 25 Series - Rank 24 - Use of a Broken or Risky Cryptographic Algorithm
Johannes Ullrich · 2010
1 citation(s)
REF-289 CWE
MD5 considered harmful today
Alexander Sotirov et al.
1 citation(s)
REF-291 CWE
bcrypt
Johnny Shelley
4 citation(s)
REF-292 CWE
Tarsnap - The scrypt key derivation function and encryption utility
Colin Percival
4 citation(s)
REF-293 CWE
RFC2898 - PKCS #5: Password-Based Cryptography Specification Version 2.0
B. Kaliski · 2000
4 citation(s)
REF-294 CWE
How To Safely Store A Password
Coda Hale · 2010
4 citation(s)
REF-295 CWE
How Companies Can Beef Up Password Security (interview with Thomas H. Ptacek)
Brian Krebs · 2012
4 citation(s)
REF-296 CWE
Password security: past, present, future
Solar Designer · 2012
4 citation(s)
REF-297 CWE
Our password hashing has no clothes
Troy Hunt · 2012
4 citation(s)
REF-298 CWE
Should we really use bcrypt/scrypt?
Joshbw · 2012
4 citation(s)
REF-320 CWE
Strange Attractors and TCP/IP Sequence Number Analysis
Michal Zalewski · 2001
1 citation(s)
REF-324 CWE
A Taxonomy of Security Faults in the UNIX Operating System
Taimur Aslam · 1995
2 citation(s)
REF-329 CWE
Cross-Site Request Forgeries (Re: The Dangers of Allowing Users to Post Images)
Peter W
1 citation(s)
REF-330 CWE
Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet
OWASP
1 citation(s)
REF-331 CWE
Cross-Site Request Forgeries: Exploitation and Prevention
Edward W. Felten, William Zeller · 2008
1 citation(s)
REF-332 CWE
CSRF - The Cross-Site Request Forgery (CSRF/XSRF) FAQ
Robert Auger
1 citation(s)
REF-333 CWE
Cross-site request forgery
· 2008
1 citation(s)
REF-334 CWE
Top 25 Series - Rank 4 - Cross Site Request Forgery
Jason Lam · 2010
1 citation(s)
REF-335 CWE
Preventing CSRF and XSRF Attacks
Jeff Atwood · 2008
1 citation(s)
REF-338 CWE
AOL man pleads guilty to selling 92m email addies
J. Oates · 2005
1 citation(s)
REF-339 CWE
Guide to Protecting the Confidentiality of Personally Identifiable Information (SP 800-122)
NIST · 2010
1 citation(s)
REF-340 CWE
Safe Harbor Privacy Framework
U.S. Department of Commerce
1 citation(s)
REF-341 CWE
Financial Privacy: The Gramm-Leach Bliley Act (GLBA)
Federal Trade Commission
1 citation(s)
REF-342 CWE
Health Insurance Portability and Accountability Act (HIPAA)
U.S. Department of Human Services
1 citation(s)
REF-343 CWE
California SB-1386
Government of the State of California · 2002
1 citation(s)
REF-349 CWE
volatile - Multithreaded Programmer's Best Friend
Andrei Alexandrescu · 2008
1 citation(s)
REF-350 CWE
Thread-safe webapps using Spring
Steven Devijver
1 citation(s)
REF-351 CWE
Prevent race conditions
David Wheeler · 2007
1 citation(s)
REF-352 CWE
Race Conditions, Files, and Security Flaws; or the Tortoise and the Hare Redux
Matt Bishop · 1995
1 citation(s)
REF-353 CWE
Secure Programming for Linux and Unix HOWTO
David Wheeler · 2003
1 citation(s)
REF-354 CWE
Discovering and Exploiting Named Pipe Security Flaws for Fun and Profit
Blake Watts · 2002
2 citation(s)
REF-355 CWE
On Race Vulnerabilities in Web Applications
Roberto Paleari, Davide Marrone, Danilo Bruschi, Mattia Monga
1 citation(s)
REF-356 CWE
Avoiding Race Conditions and Insecure File Operations
1 citation(s)
REF-357 CWE
Top 25 Series - Rank 25 - Race Conditions
Johannes Ullrich · 2010
1 citation(s)
REF-360 CWE
Delivering Signals for Fun and Profit
Michal Zalewski
3 citation(s)
REF-361 CWE
Race Condition: Signal Handling
3 citation(s)
REF-367 CWE
Portably Solving File TOCTTOU Races with Hardness Amplification
Dan Tsafrir, Tomer Hertz, David Wagner, Dilma Da Silva · 2008
1 citation(s)
REF-371 CWE
Handling Errors Exceptionally Well in C++
Alex Allain
1 citation(s)
« 3 / 21 »