References

Bibliographic references cited across the CWE and CAPEC catalogs

All CWE CAPEC
REF-1 CWE
CWE - Common Weakness Enumeration
NIST
REF-2 CWE
HttpOnly
OWASP
1 citation(s)
REF-3 CWE
Some Bad News and Some Good News
Michael Howard · 2002
1 citation(s)
REF-4 CWE
C is for cookie, H is for hacker - understanding HTTP only and Secure cookies
Troy Hunt · 2013
1 citation(s)
REF-5 CWE
Mitigating Cross-site Scripting With HTTP-only Cookies
Microsoft
1 citation(s)
REF-6 CWE
Seven Pernicious Kingdoms: A Taxonomy of Software Security Errors
Katrina Tsipenyuk, Brian Chess, Gary McGraw · 2005
69 citation(s)
REF-7 CWE
Writing Secure Code
Michael Howard, David LeBlanc · 2002
53 citation(s)
REF-8 CWE
The 2011 IDN Homograph Attack Mitigation Survey
Gregory Baatard, Peter Hannay · 2012
1 citation(s)
REF-9 CWE
A Catalog of Security Architecture Weaknesses.
Santos, J. C. S., Tarrit, K., Mirakhorli, M. · 2017
REF-10 CWE
Understanding Software Vulnerabilities Related to Architectural Security Tactics: An Empirical Investigation of Chromium, PHP and Thunderbird.
Santos, J. C. S., Peruma, A., Mirakhorli, M., Galster, M., Sejfia, A. · 2017
REF-11 CWE
Spectre Attacks: Exploiting Speculative Execution
Paul Kocher, Daniel Genkin, Daniel Gruss, Werner Haas, Mike Hamburg, Moritz Lipp, Stefan Mangard, Thomas Prescher, Michael Schwarz, Yuval Yarom · 2018
1 citation(s)
REF-12 CWE
Meltdown
Moritz Lipp, Michael Schwarz, Daniel Gruss, Thomas Prescher, Werner Haas, Stefan Mangard, Paul Kocher, Daniel Genkin, Yuval Yarom, Mike Hamburg · 2018
1 citation(s)
REF-13 CWE
CommanderSong: A Systematic Approach for Practical Adversarial Voice Recognition
Xuejing Yuan, Yuxuan Chen, Yue Zhao, Yunhui Long, Xiaokang Liu, Kai Chen, Shengzhi Zhang, Heqing Huang, Xiaofeng Wang, Carl A. Gunter · 2018
1 citation(s)
REF-14 CWE
Audio Adversarial Examples: Targeted Attacks on Speech-to-Text
Nicholas Carlini, David Wagner · 2018
1 citation(s)
REF-15 CWE
Magic AI: These are the Optical Illusions that Trick, Fool, and Flummox Computers
James Vincent · 2017
1 citation(s)
REF-16 CWE
Intriguing properties of neural networks
Christian Szegedy, Wojciech Zaremba, Ilya Sutskever, Joan Bruna, Dumitru Erhan, Ian Goodfellow, Rob Fergus · 2014
1 citation(s)
REF-17 CWE
Attacking Machine Learning with Adversarial Examples
OpenAI · 2017
1 citation(s)
REF-18 CWE
The CLASP Application Security Process
Secure Software, Inc. · 2005
84 citation(s)
REF-19 CWE
System Assurance
Nikolai Mansourov, Djenana Campara · 2010
REF-20 CWE
Task Order 0006: Vulnerability Path Analysis and Demonstration (VPAD). Volume 2 - White Box Definitions of Software Fault Patterns
Ben Calloni, Nikolai Mansourov, Djenana Campara · 2011
REF-21 CWE
CSV Injection
OWASP · 2020
1 citation(s)
REF-22 CWE
Data Extraction to Command Execution CSV Injection
Jamie Rougvie · 2019
1 citation(s)
REF-23 CWE
The Absurdly Underestimated Dangers of CSV Injection
George Mauer · 2017
1 citation(s)
REF-24 CWE
Comma Separated Vulnerabilities
James Kettle · 2014
1 citation(s)
REF-35 CWE
Clickjacking For Shells
Andrew Horton
1 citation(s)
REF-36 CWE
Clickjacking - OWASP
OWASP
1 citation(s)
REF-37 CWE
SecTheory
Internet Security
1 citation(s)
REF-38 CWE
Content Security Policy Level 3
W3C
1 citation(s)
REF-39 CWE
Target="_blank" - the most underestimated vulnerability ever
Alex Yumashev · 2016
1 citation(s)
REF-40 CWE
The target="_blank" vulnerability by example
Ben Halpern · 2016
1 citation(s)
REF-41 CWE
Fortify Descriptions
Fortify Software
1 citation(s)
REF-42 CWE
The Java(TM) Tutorial: The Java Native Interface
Beth Stearns · 2005
1 citation(s)
REF-43 CWE
OWASP TOP 10
OWASP · 2007
2 citation(s)
REF-44 CWE
24 Deadly Sins of Software Security
Michael Howard, David LeBlanc, John Viega · 2010
87 citation(s)
REF-45 CWE
OWASP Enterprise Security API (ESAPI) Project
OWASP
16 citation(s)
REF-46 CWE
Output Sanitization
Joshbw · 2008
1 citation(s)
REF-47 CWE
Sanitizing user data: How and where to do it
Niyaz PK · 2008
1 citation(s)
REF-48 CWE
Input validation or output filtering, which is better?
Jeremiah Grossman · 2007
2 citation(s)
REF-49 CWE
Input Validation - Not That Important
Jim Manico · 2008
1 citation(s)
REF-50 CWE
Preventing XSS with Correct Output Encoding
Michael Eddington
1 citation(s)
REF-52 CWE
Exploiting Software: How to Break Code
Greg Hoglund, Gary McGraw · 2004
1 citation(s)
REF-53 CWE
The night the log was forged
Alec Muffet
1 citation(s)
REF-56 CWE
Using the Strsafe.h Functions
Microsoft
5 citation(s)
REF-57 CWE
Safe C String Library v1.0.3
Matt Messier, John Viega
5 citation(s)
REF-58 CWE
Address Space Layout Randomization in Windows Vista
Michael Howard
9 citation(s)
REF-59 CWE
Limiting buffer overflows with ExecShield
Arjan van de Ven
4 citation(s)
REF-60 CWE
PaX
9 citation(s)
REF-61 CWE
Understanding DEP as a mitigation technology part 1
Microsoft
7 citation(s)
REF-62 CWE
The Art of Software Security Assessment
Mark Dowd, John McDonald, Justin Schuh · 2006
120 citation(s)
REF-64 CWE
Position Independent Executables (PIE)
Grant Murphy · 2012
9 citation(s)
1 / 21 »