Notes

1. NIST FIPS PUB 201-1, “Personal Identity Verification (PIV) of Federal Employees and Contractors,” National Institute of Standards and Technology, Gaithersburg, MD, March 2006.

2. https://buildsecurityin.us-cert.gov/daisy/bsi/articles/knowledge/guidelines/321-BSI.html

3. NIST Special Publication 800-14, “Generally Accepted Principles and Practices for Securing Information Technology Systems,” September 1996.

4. NIST Special Publication 800-30, “Risk Management Guide for Information Technology Systems,” July 2002.

5. NIST Special Publication 800-18, “Guide for Developing Security Plans for Information Technology Systems,” February 2006.

6. NIST Special Publication 800-14, “Generally Accepted Principles and Practices for Securing Information Technology Systems,” September 1996.

7. NIST Special Publication 800-14, “Generally Accepted Principles and Practices for Securing Information Technology Systems,” September 1996.

8. www.owasp.org/index.php/Error_Handling,_Auditing_and_Logging

9. Goertzel, K., et al., “Enhancing the Development Life Cycle to Produce Secure Software.” Version 2.0. Rome, New York: United States Department of Defense Data and Analysis Center for Software, October 2008.

10. National Security Agency, “Information Assurance Technical Framework (IATF),” Release 3.1, September 2002.

11. http://msdn.microsoft.com/en-us/library/ms972812.aspx

12. www.sei.cmu.edu/str/str.pdf

13. http://msdn.microsoft.com/en-us/magazine/cc163882.aspx

14. Terms from http://msdn.microsoft.com/en-us/library/ms995349.aspx ...
