

OWASP. Open Web Application Security Project’s top ten vulnerability list:

Sun Microsystems. Java Security Code Guidelines:

LEVY, Elias. Writing Secure Java code:

MCGRAW, Gary, FELTEN, Edward. Twelve Rules for Developing More Secure Java Code:

PONTARELLI, Brian. J2EE Security: Container Versus Custom:

FERREIRA, Gisele R. M., FERREIRA, Lucas C. Designing Reliable, Robust and Reusable Components With Java Exceptions. Simpósio de Segurança em Informática, SSI-2001. São José dos Campos, Brasil. 2001.

COBLENTZ, Nick. JSESSIONID Regeneration in Struts 2. Nick Coblentz blog, Sep 2008:

WEBER, Chris. Open Redirects - What's the problem. Lookout blog, Feb 2008: 

PALMER, Chris. Secure Session Management With Cookies for Web Applications. iSEC Partners, Inc - Sep 2008:

OLLMANN, Gunter. Web Based Session Management: Best practices in managing HTTP-based client sessions:

OWASP. A Guide to Building Secure Web Applications. Sep 2002:

ZELLER, William and FELTEN, Edward W. Cross-site Request Forgery: Exploitation and Prevention. September 2008:

Matasano Security. My Pentest Secret: Password Guessing. Jan 2009:

DABIRSIAGHI, Arshan. Google inurl: still the quickest way to find 216 million flaws. Jan 2009: