See also
Other resources
Mailing lists
• http://www.mulberrytech.com/xsl/xsl-list/index.html XSL List: Open Forum on XSL. The most authoritative mailing list on XSL, XSLT and related
Other resources
• Writing Secure Code, Second Edition by Michael Howard and David C. LeBlanc (Microsoft Press, 2002), Chapter 5, «Public Enemy #1: Buffer Overruns»
• «Defeating the Stack Based Buffer Overflow Prevention Mechanism of Microsoft Windows Server 2003» by David Litchfield: www.ngssoftware.com/papers/defeating-w2k3-stack-protection.pdf
• «Non-stack Based Exploitation of Buffer Overrun Vulnerabilities on Windows NT/2000/XP» by David Litchfield:
Other resources
• «format bugs, in addition to the wuftpd bug» by Lamagra Agramal: www.securityfocus.com/archive/1/66842
• Writing Secure Code, Second Edition by Michael Howard and David C. LeBlanc (Microsoft Press, 2002), Chapter 5, «Public Enemy #1: Buffer Overruns»
• «UNIX locale format string vulnerability, CORE SDI» by Ivan Arce: www.securityfocus.com/archive/1/80154
• «Format String Attacks» by Tim Newsham: www.securityfocus.com/archive/1/81565
• «Windows 2000 Format
Other resources
• «Integer Handling with the C++ SafeInt Class», David LeBlanc, msdn.microsoft.com/library/default.asp?url=/library/en-us/dncode/html/secure01142004.asp
• «Another Look at the SafeInt Class», David LeBlanc, http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dncode/html/secure05052005.asp
• «Reviewing Code for Integer Manipulation Vulnerabilities», Michael Howard, http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dncode/
Other resources
• Writing Secure Code, Second Edition by Michael Howard and David C. LeBlanc (Microsoft Press, 2002), Chapter 12, «Database Input Issues»
• Sarbanes-Oxley Act of 2002: www.aicpa.org/info/sarbanes-oxley_summary.htm
• The Open Web Application Security Project (OWASP): www.owasp.org
• «Advanced SQL Injection in SQL Server Applications» by Chris Anley: www.nextgenss.com/papers/advanced_sql_injection.pdf
• Web Applications and SQL Injections:
Other resources
• Code Complete, Second Edition by Steve McConnell, Chapter 8, «Defensive Programming»
• «Exception Handling in Java and C#» by Howard Gilbert: http://pclt.cis.yale.edu/pclt/exceptions.htm
• Linux Kernel mremap() Missing Return Value Checking Privilege Escalation
Other resources
• «Writing Secure Code, Second Edition» by Michael Howard and David C. LeBlanc (Microsoft Press, 2002), Chapter 13 «Web-specific Input Issues»
• Mitigating Cross-site Scripting With HTTP-only Cookies: http://msdn.microsoft.com/library/default.asp?url=/workshop/author/dhtml/httponly_cookies.asp
• Request Validation – Preventing Script Attacks: www.asp.net/faq/requestvalidation.aspx
• mod_perl Apache::TaintRequest: www.modperlcookbook.org/code.html
Other resources
• The ssldump utility for analyzing SSL traffic: www.rtfm.com/ssldump
• The Stunnel SSL proxy: www.stunnel.org/
• Brian Gladman's free implementation of the GCM and CCM modes:
Other resources
• The section on hidden fields in the W3C HTML specification: www.w3.org/TR/REC-html32#fields
• «Practical Cryptography» by Niels Ferguson and Bruce Schneier (Wiley, 2003), §6.3 «Weaknesses of Hash Functions»
• PEAR HMAC: http://pear.php.net/package/Crypt_HMAC
• «Hold Your Sessions: An Attack on Java Session-Id Generation» by Zvi Gutterman and Dahlia Malkhi:
Other resources
• The HTTPS RFC: www.ietf.org/rfc/rfc2818.txt
• Documentation for the Java Secure Socket Extension (JSSE) API: java.sun.com/products/jsse
• Documentation on SSL and TLS programming with the OpenSSL library: www.openssl.org/docs/ssl/ssl.html
• VeriSign's SSL information center:
Other resources
• Writing Secure Code, Second Edition by Michael Howard and David C. LeBlanc (Microsoft Press, 2002), Chapter 6, «Determining Appropriate Access Control»
• Writing Secure Code, Second Edition by Michael Howard and David C. LeBlanc (Microsoft Press, 2002), Chapter 8, «Cryptographic Foibles»
• Writing Secure Code, Second Edition by Michael Howard and David C. LeBlanc (Microsoft Press, 2002), Chapter 9, «Protecting Secret Data»
• Windows Access Control:
Other resources
• «Cache-timing attacks on AES» by Daniel J. Bernstein: http://cr.yp.to/antiforgery/cachetiming-20050414.pdf
• «Cache for fun and profit» (an attack on RSA on hyper-threaded machines, analogous to Bernstein's attack on AES) by Colin Percival: www.daemonology.net/papers/htt.pdf
• Computer security: Art and Science by Matt Bishop (Addison-Wesley, 2002), Chapter 5, «Confidentiality Policies»
• Default
Other resources
• «Secure programmer: Prevent race conditions» by David Wheeler: www-106.ibm.com/developerworks/linux/library/l-sprace.html?ca=dgr-lnxw07RACE
• Building Secure Software by John Viega and Gary McGraw (Addison Wesley), Chapter 9, «Race Conditions»
• Writing Secure Code, Second Edition by Michael Howard and David C. LeBlanc (Microsoft Press, 2002), Chapter 11 «Canonical Representation Issues»
• Perl 5 Reference Guide in HTML format by Rex
Other resources
• Building Internet Firewalls, Second Edition by Elizabeth D. Zwicky, Simon Cooper and D. Brent Chapman (O'Reilly, 2000)
• OzEmail: http://members.ozemail.com.au/~987654321/impact_of_rfc_on_
Other resources
• «Resource contention can be used against you» by David Wheeler: www-106.ibm.com/developerworks/linux/library/l-sprace.html?ca=dgr-lnxw07RACE
• RAZOR research topics: http://razor.bindview.com/publish/papers/signals.txt
• «Delivering Signals for Fun and Profit: Understanding, Exploiting and Preventing Signal Handling Related Vulnerabilities» by Michal Zalewski:
Other resources
• Protocols for Authentication and Key Establishment by Colin Boyd and Anish Mathuria (Springer,