1. G. McGraw, B. Potter, "Software Security Testing", IEEE Security & Privacy, May 2004.
2. NIST, "Security Considerations in the Information SDLC", SP 800-64 Rev. 1, 2004.
3. Swiderski, Frank, and Window Snyder, Threat Modeling, Redmond, WA: Microsoft Press, 2004.
4. Yourdon, Ed. Just Enough Structured Analysis project. Chapter 9, "Data Flow Diagrams," http://www.yourdon.com/strucanalysis/chapters/ch9.html.
5. Open Source Vulnerability Database. Symlink Vulnerabilities, http://www.osvdb.org/searchdb.php?vuln_title=symlink, last updated January 31, 2006.
6. Miller, Barton P., "Fuzz Testing of Application Reliability," http://www.cs.wisc.edu/~bart/fuzz/fuzz.html, Dec. 2005.
7. KeyLength.com, "Cryptographic Key Length Recommendation," http://www.keylength.com.
8. Curphey, Araujo, "Web Application Security Assessment Tools", IEEE Security and Privacy archive, Volume 4, Issue 4, July 2006.