CSURFACE
THREAT SENSOR
Home
Analytics
News
About
Tools
Constellation
Libraries
CWE
CAPEC
MITRE ATT&CK
MITRE D3FEND
OWASP Top 10
Ransomware Groups
References
Support
EN
|
PT
References
Bibliographic references cited across the CWE and CAPEC catalogs
All
CWE
CAPEC
REF-867
CWE
SQL Injection Prevention Cheat Sheet
OWASP
1 citation(s)
REF-868
CWE
SQL Injection Attacks by Example
Steven Friedl · 2007
1 citation(s)
REF-869
CWE
SQL Injection Cheat Sheet
Ferruh Mavituna · 2007
1 citation(s)
REF-870
CWE
The Database Hacker's Handbook: Defending Database Servers
David Litchfield, Chris Anley, John Heasman, Bill Grindlay · 2005
1 citation(s)
REF-871
CWE
The Oracle Hacker's Handbook: Hacking and Defending Oracle
David Litchfield · 2007
1 citation(s)
REF-872
CWE
SQL Injection
Microsoft · 2008
1 citation(s)
REF-873
CWE
SQL Injection Attack
Microsoft Security Vulnerability Research & Defense
1 citation(s)
REF-874
CWE
Giving SQL Injection the Respect it Deserves
Michael Howard · 2008
1 citation(s)
REF-875
CWE
Top 25 Series - Rank 2 - SQL Injection
Frank Kim · 2010
1 citation(s)
REF-879
CWE
Web Applications and LDAP Injection
SPI Dynamics
1 citation(s)
REF-882
CWE
Blind XPath Injection
Amit Klein · 2004
1 citation(s)
REF-884
CWE
Windows Kernel Reference Count Vulnerabilities - Case Study
Mateusz "j00ru" Jurczyk · 2012
1 citation(s)
REF-885
CWE
Shocking News in PHP Exploitation
Stefan Esser · 2009
1 citation(s)
REF-886
CWE
"Two Security Vulnerabilities in the Spring Framework's MVC" pdf (from 2008)
Dinis Cruz
1 citation(s)
REF-887
CWE
Two Security Vulnerabilities in the Spring Framework's MVC
Ryan Berg, Dinis Cruz
1 citation(s)
REF-888
CWE
Best Practices for ASP.NET MVC
ASPNETUE · 2010
1 citation(s)
REF-889
CWE
Mass assignment in Rails applications
Michael Hartl · 2008
1 citation(s)
REF-890
CWE
Secure your Rails apps!
Tobi · 2012
1 citation(s)
REF-891
CWE
Ruby On Rails Security Guide
Heiko Webers
1 citation(s)
REF-892
CWE
Mass Assignment Vulnerability in ASP.NET MVC
Josh Bush · 2012
1 citation(s)
REF-893
CWE
6 Ways To Avoid Mass Assignment in ASP.NET MVC
K. Scott Allen · 2012
1 citation(s)
REF-894
CWE
PHP Object Injection
Egidio Romano · 2013
1 citation(s)
REF-908
CWE
Password hashing at scale
Solar Designer · 2012
1 citation(s)
REF-909
CWE
New developments in password hashing: ROM-port-hard functions
Solar Designer · 2012
1 citation(s)
REF-911
CWE
Expression Language Injection
Stefano Di Paola, Arshan Dabirsiaghi · 2011
1 citation(s)
REF-912
CWE
Remote Code with Expression Language Injection
Dan Amodio · 2012
1 citation(s)
REF-913
CWE
SSRF vs. Business-critical applications: XXE tunneling in SAP
Alexander Polyakov, Dmitry Chastukhin · 2012
1 citation(s)
REF-914
CWE
SSRF vs. Business-critical Applications. Part 1: XXE Tunnelling in SAP NetWeaver
Alexander Polyakov, Dmitry Chastukhin, Alexey Tyurin
1 citation(s)
REF-915
CWE
Cross Site Port Attacks - XSPA - Part 1
Riyaz Ahemed Walikar · 2012
1 citation(s)
REF-916
CWE
Cross Site Port Attacks - XSPA - Part 2
Riyaz Ahemed Walikar · 2012
1 citation(s)
REF-917
CWE
Cross Site Port Attacks - XSPA - Part 3
Riyaz Ahemed Walikar · 2012
1 citation(s)
REF-918
CWE
SSRF attacks and sockets: smorgasbord of vulnerabilities
Vladimir Vorontsov, Alexander Golovko
1 citation(s)
REF-919
CWE
SSRF bible. Cheatsheet
ONsec Lab · 2013
1 citation(s)
REF-920
CWE
Web Portals: Gateway To Information, Or A Hole In Our Perimeter Defenses
Deral Heiland · 2008
1 citation(s)
REF-921
CWE
Security Tips
Android Open Source Project · 2013
1 citation(s)
REF-922
CWE
Analyzing Inter-Application Communication in Android
Erika Chin, Adrienne Porter Felt, Kate Greenwood, David Wagner
2 citation(s)
REF-923
CWE
Security Tips
Android Open Source Project · 2013
2 citation(s)
REF-926
CWE
Top 10 2013
· 2013
REF-927
CWE
Top 10 2013-A1-Injection
OWASP
REF-928
CWE
CRLF Injection
Ulf Harnhammar · 2002
1 citation(s)
REF-929
CWE
Top 10 2013-A2-Broken Authentication and Session Management
OWASP
REF-930
CWE
Top 10 2013-A3-Cross-Site Scripting (XSS)
OWASP
REF-931
CWE
Top 10 2013-A4-Insecure Direct Object References
OWASP
REF-932
CWE
Top 10 2013-A5-Security Misconfiguration
OWASP
REF-933
CWE
Top 10 2013-A6-Sensitive Data Exposure
OWASP
REF-934
CWE
Top 10 2013-A7-Missing Function Level Access Control
OWASP
REF-935
CWE
Top 10 2013-A8-Cross-Site Request Forgery (CSRF)
OWASP
REF-936
CWE
Top 10 2013-A9-Using Components with Known Vulnerabilities
OWASP
REF-937
CWE
Top 10 2013-A10-Unvalidated Redirects and Forwards
OWASP
REF-938
CWE
Scheming for Privacy and Security
Guillaume Ross · 2013
1 citation(s)
«
9 / 21
»