Bibliography

OWASP. Open Web Application Security Project’s top ten vulnerability list: http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project

Sun Microsystems. Java Security Code Guidelines: http://java.sun.com/security/seccodeguide.html

LEVY, Elias. Writing Secure Java code: http://www.networkcomputing.com/1108/1108ws3side1.html

MCGRAW, Gary, FELTEN, Edward. Twelve Rules for Developing More Secure Java Code: http://www.javaworld.com/javaworld/jw-12-1998/jw-12-securityrules.html

PONTARELLI, Brian. J2EE Security: Container Versus Custom: http://www.javaworld.com/javaworld/jw-07-2004/jw-0726-security.html

FERREIRA, Gisele R. M., FERREIRA, Lucas C. Designing Reliable, Robust and Reusable Components With Java Exceptions. Simpósio de Segurança em Informática, SSI-2001. São José dos Campos, Brazil. 2001. http://www.sapao.net/SSI2001-exceptions.pdf

COBLENTZ, Nick. JSESSIONID Regeneration in Struts 2. Nick Coblentz blog, Sep 2008: http://nickcoblentz.blogspot.com/2008/09/jsessionid-regeneration-in-struts-2.html

WEBER, Chris. Open Redirects - What's the problem. Lookout blog, Feb 2008: http://lookout.net/2008/02/27/open-redirects-why-are-they-a-bad-thing/ 

PALMER, Chris. Secure Session Management With Cookies for Web Applications. iSEC Partners, Inc - Sep 2008: http://www.isecpartners.com/files/web-session-management.pdf

OLLMAN, Gunter. Web Based Session Management: Best practices in managing HTTP-based client sessions: http://www.technicalinfo.net/papers/WebBasedSessionManagement.html

OWASP. A Guide to Building Secure Web Applications. Sep 2002: http://www.cgisecurity.com/owasp/html/index.html

ZELLER, William and FELTEN, Edward W. Cross-site Request Forgery: Exploitation and Prevention. September 2008: http://www.freedom-to-tinker.com/sites/default/files/csrf.pdf

Matasano Security. My Pentest Secret: Password Guessing. Jan 2009: http://www.matasano.com/log/1342/my-pentest-secret-password-guessing/

DABIRSIAGHI, Arshan. Google inurl: still the quickest way to find 216 million flaws. Jan 2009: http://i8jesus.com/?p=29

