1. The Open Web Application Security Project (OWASP), Available Online at http://www.owasp.org. Accessed in Sep. 2011
2. Homeland Security: Common Weakness Enumeration (CWE), Available Online at http://cwe.mitre.org. Accessed in Sep. 2011
3. M. Howard, D. LeBlanc, and J. Viega, 19 Deadly Sins of Software Security - Programming Flaws and How to Fix Them, McGraw-Hill, 2005
4. S. Wagner, D. M. Fernandez, S. Islam, and K. Lochmann, "A Security Requirements Approach for Web Systems", Proc. of Quality Assessment in Web (QAW2009), CEUR, 2009.
5. P. Mell, K. Scarfone and S. Romanosky, "Common Vulnerability Scoring System", IEEE Security & Privacy, pp. 85-89, Nov./Dec. 2006.
6. Kukinews, "[Financial hacking is an Emergency] Hacking Method Viewed by Experts", Apr. 11, 2011. Available Online at http://news.kukinews.com/article/view.asp?page=1&gCode=kmi&arcid=0004844041&cp=du Accessed in Oct. 2011
7. WhiteHat Security, Inc., "Measuring Website Security: Windows of Exposure", WhiteHat Website Security Statistics Report, 11th Edition, Winter 2011, http://img.en25.com/Web/WhiteHatSecurityInc/WPstats_winter11_11th.pdf
8. National Institute of Standards and Technology. National Vulnerability Database (NVD). Available at: http://nvd.nist.gov, 2011.
9. CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), Available Online at http://cwe.mitre.org/data/definitions/79.html, Accessed in Oct. 2011
10. Y. Kim, S. Shin, J. Ahn, O. Lee, E. Lee and H. Han, "Analysis and Documentation of Korean Common Weakness Enumeration for Software Security", Communications of the Korean Institute of Information Scientists and Engineers, Vol. 28, No. 2, pp. 20-31, Feb. 2010.
11. K. Tsipenyuk, B. Chess and G. McGraw, "Seven Pernicious Kingdoms: A Taxonomy of Software Security Errors", IEEE Security & Privacy, pp. 81-84, Nov./Dec. 2005.
12. R. A. Martin, S. M. Christey and J. Jarzombek, "The Case for Common Flaw Enumeration", NIST Workshop on Software Security Assurance Tools, Techniques and Metrics, November, 2005.
13. R. A. Martin and S. Barnum, "A Status Update: The Common Weaknesses Enumeration", Proc. of the Static Analysis Summit (NIST Special Publication 500-262), pp. 62-64, July 2006.
14. A. Tripathi and U.K. Singh, "Towards Standardization of Vulnerability Taxonomy", Proc. of the 2nd International Conference on Computer Technology and Development (ICCTD), pp. 379-384, Nov. 2010.
15. J. A. Wang, H. Wang, M. Guo and M. Xia, "Security metrics for software systems", Proc. of the 47th Annual Southeast Regional Conference (ACM-SE-47), 2009.
16. A. Wiesmann, A. van der Stock, M. Curphey, R. Stirbei, A Guide to Building Secure Web Applications and Web Services, OWASP, 2005.