Appendix A: Resources

Introduction

  1. Verizon Breach Report 2016, 2017, 2018

Chapter 1: Security Fundamentals

  2. “There are two types of companies: those that have been breached and those that don't know they've been breached yet.” time.com/3404330/home-depot-hack
  3. “Between 30 percent to 70 percent of the code in applications come from third parties.” www.infoworld.com/article/2626167/third-party-code-putting-companies-at-risk.html
  4. Supply chain attack example: www.trendmicro.com/vinfo/hk-en/security/news/cybercrime-and-digital-threats/hacker-infects-node-js-package-to-steal-from-bitcoin-wallets

Chapter 2: Security Requirements

  5. The “Injection” vulnerability class has been widely recognized by security professionals as the #1 threat to secure software:

    www.owasp.org/index.php/Top_10-2017_A1-Injection

    www.owasp.org/index.php/Top_10_2013-A1-Injection

    www.owasp.org/index.php/Top_10_2010-A1-Injection

  6. Output encoding and preventing XSS: portswigger.net/web-security/cross-site-scripting/preventing
  7. Bounds Checking: en.wikipedia.org/wiki/Bounds_checking
  8. Integer Overflow: en.wikipedia.org/wiki/Integer_overflow
  9. Buffer Overflow: en.wikipedia.org/wiki/Buffer_overflow
  10. XSS Prevention Cheat Sheet: owasp.org/www-project-cheat-sheets/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html
  11. Rust is memory-safe: hacks.mozilla.org/2019/02/rewriting-a-browser-component-in-rust
  12. OWASP Top Ten 2017: 77% of apps have XSS in them. www.ptsecurity.com/ww-en/analytics/web-application-vulnerabilities-statistics-2019 ...
