Notes

1. Kernighan, Brian W., and P. J. Plauger. The Elements of Programming Style, 2nd edition, Chapter 2.

2. One corollary of this statement is that when you fix a bug in your own code, your intelligence has magically doubled. The converse corollary is not as encouraging.

3. www.owasp.org

4. http://cve.mitre.org, http://nvd.nist.gov, www.us-cert.gov, and www.sans.org respectively.

5. OWASP Top 10 2010 list: www.owasp.org/index.php/Top_10

6. Amoroso, Edward. Fundamentals of Computer Security Technology (Prentice Hall, 1994).

7. The Same-Origin Policy, http://w3.org/Security/wiki/Same_Origin_Policy

8. http://ha.ckers.org/blog/20060901/brute-force-password-guessing/

9. www.captcha.net/

10. Per Microsoft Security Development Lifecycle (SDL) process terminology.

11. M. Johns and J. Winter. “RequestRodeo: Client Side Protection against Session Riding.” in Proceedings of the OWASP Europe 2006 Conference by Piessens, F. (ed.), refereed papers track, Report CW448, pages 5–17. Departement Computerwetenschappen Katholieke Universiteit Leuven, May 2006.

12. W. Zeller and E. W. Felten. “Cross-Site Request Forgeries: Exploitation and Prevention.” Princeton University technical report, 2008.

13. A. Barth, C. Jackson, and J.C. Mitchell. “Robust Defenses for Cross-Site Request Forgery.” CCS 2008.

14. Amit Klein, “DOM Based Cross Site Scripting or XSS of the Third Kind; a look at an overlooked flavor of XSS,” www.webappsec.org/projects/articles/071105.shtml

15. Exhaustive list with further details on each rule can ...
