9. Bibliography


[Advosys 2000] Advosys Consulting (formerly named Webber Technical Services). "Writing Secure Web Applications." See

[Advosys 2001] Advosys Consulting (formerly named Webber Technical Services). 2001. "Preventing HTML form tampering." See

[Aleph1 1996] Aleph1. November 8, 1996. "Smashing The Stack For Fun And Profit." Phrack Magazine. Issue 49, Article 14. See

[Al-Herbish 1999] Al-Herbish, Thamer. 1999. Secure Unix Programming FAQ. See

[Anderson 2001] Anderson, Ross J. 2001. Security Engineering: A Guide To Building Dependable Distributed Systems. ISBN 0-471-38922-6. New York: John Wiley & Sons, Inc.

[Anonymous 1997] Anonymous. 1997. Maximum Security. ISBN 1-57521-268-4. Indianapolis, Indiana:

[Anonymous 1998] Anonymous. September 1998. Maximum Security: A Hacker's Guide to Protecting Your Internet Site and Network. Sams. Second Edition. ISBN: 0672313413.

[Arnold 1993] Arnold, Derek N. 1993. UNIX Security: A Practical Tutorial. ISBN 0-07-002560-6. New York: McGraw-Hill, Inc.

[Atkin 1996] Atkins, Derek, Paul Buis, Chris Hare, Robert Kelley, Carey Nachenberg, Anthony B. Nelson, Paul Phillips, Tim Ritchey, and William Steen. 1996. Internet Security Professional Reference. ISBN 1-56205-557-7. Indianapolis, Indiana: New Riders Publishing.

[AUSCERT 1996] Australian Computer Emergency Response Team (AUSCERT). 1996. A Lab Engineers Check List for Writing Secure Unix Code.

[Bellovin 1994] Bellovin, Steven M. December 1994. Shifting the Odds -- Writing (More) Secure Software. Murray Hill, NJ: AT&T Research.

[Bentley 2000] Bentley, Jon. 2000. Programming Pearls, Second Edition. ISBN 0-201-65788-0. Reading, Massachusetts: Addison-Wesley Longman, Inc.

[Bishop 1995] Bishop, Matt. 1995. "Race Conditions, Files, and Security Flaws; or the Tortoise and the Hare Redux."

[Bishop 1996a] Bishop, Matt. May 1996. "UNIX Security: Security in Programming." SANS '96. Washington DC (May 1996).

[Bishop 1996b] Bishop, Matt, and Michael Dilger. 1996. "Checking for Race Conditions in File Accesses."

[Bishop 1997a] Bishop, Matt. October 1997. "Writing Safe Privileged Programs." Network Security 1997 New Orleans, LA.

[Bishop 1997b] Bishop, Matt. 1997. "Vulnerabilities Analysis."

[Blakley 1999] Blakley, Bob. 1999. CORBA Security: An Introduction To Safe Computing With Objects. ISBN 0-201-32565-9. Reading, Massachusetts: Addison-Wesley Longman, Inc.

[Brown 2000] Brown, Keith. 2000. Programming Windows Security. ISBN 0-201-60442-6. Boston: Addison-Wesley.

[Cargill 1992] Cargill, Tom. 1992. C++ Programming Style. ISBN 0-201-56365-7. Reading, Massachusetts: Addison-Wesley Longman, Inc.

[CERT 1998] Computer Emergency Response Team (CERT) Coordination Center (CERT/CC). February 13, 1998. "Sanitizing User-Supplied Data in CGI Scripts." CERT Advisory CA-97.25.CGI_metachar. See

[Chapman 2000] Chapman, Davis. 2000. Developing Secure Applications with Visual Basic. ISBN 0-672-31836-9. Indianapolis, Indiana: Sams.

[CMU 1998] Carnegie Mellon University (CMU). February 13, 1998 Version 1.4. "How To Remove Meta-characters From User-Supplied Data In CGI Scripts." See

[Cowan 1999] Cowan, Crispin, Perry Wagle, Calton Pu, Steve Beattie, and Jonathan Walpole. "Buffer Overflows: Attacks and Defenses for the Vulnerability of the Decade." Proceedings of DARPA Information Survivability Conference and Expo (DISCEX). See

[Cowan 1999] Cowan, Crispin, Steve Beattie, Ryab Finnin Day, Calton Pu, Perry Wagle, and Erik Walthinsen. "Protecting Systems from Stack Smashing Attacks with StackGuard." See

[Curry 1992] Curry, David A. 1992. UNIX System Security: A Guide for Users and System Administrators. ISBN 0-201-56327-4. Reading, Massachusetts: Addison-Wesley Publishing Company.

[Dik 2000] Dik, Casper. 2000. "Safe Programming."

[Du 1997] Du, Wenliang. 1997. "Categorization of Software Errors That Led to Security Breaches."

[Evans Unknown] Evans, David. Unknown. "LCLint User's Guide."

[Farrow 1990] Farrow, Rik. 1990. UNIX System Security. ISBN 0-201-57030-0. Reading, Massachusetts: Addison-Wesley Publishing Company.

[Feghhi 1999] Feghhi, Jalil, Jalil Feghhi and Peter Williams. 1999. Digital Certificates: Applied Internet Security. ISBN 0-201-30980-7. Boston: Addison-Wesley.

[Galvin 1998a] Galvin, Peter. April 1998. "Designing Secure Software." Sunworld.

[Galvin 1998b] Galvin, Peter. August 1998. "The Unix Secure Programming FAQ." Sunworld.

[Garfinkel 1996] Garfinkel, Simson and Gene Spafford. 1996. Practical UNIX & Internet Security, 2nd Edition. ISBN 1-56592-148-8. Sebastopol, CA: O'Reilly & Associates, Inc.

[Garfinkle 1997a] Garfinkle, Simson and Gene Spafford. 1997. Web Security & Commerce. ISBN 1-56592-269-7. Sebastopol, CA: O'Reilly & Associates, Inc.

[Garfinkle 1997b] Garfinkle, Simson. August 8, 1997. 21 Rules for Writing Secure CGI Programs.

[Gong 1999] Gong, Li. June 1999. Inside Java 2 Platform Security. Reading, MA: Addison Wesley Longman, Inc. ISBN 0-201-31000-7.

[Govanus 2001] Govanus, Gary and Robert King. 2001. MSCE: Windows 2000 Network Security Design Exam Notes. ISBN 0-7821-2766-5. San Francisco: Sybex.

[Graham 1999] Graham, Jeff. May 4, 1999. "Security-Audit's Frequently Asked Questions (FAQ)." See

[Gundavaram Unknown] Gundavaram, Shishir, and Tom Christiansen. Date Unknown. Perl CGI Programming FAQ.

[Howard 2000] Howard, Michael. 2000. Designing Secure Web-Based Applications for Microsoft Windows 2000. ISBN 0-7356-0995-0. Redmond, Washington: Microsoft Press.

[Jaworski 2000] Jaworski, Jamie and Paul J. Perrone. 2000. Java Security Handbook. ISBN 0-672-31602-1. Indianapolis, Indiana: Sams.

[Jones 1987] Jones, Robin, and Ian Stewart. 1987. The Art of C Programming. ISBN 0-387-96392-8. New York: Springer-Verlag.

[Kernighan 1988] Kernighan, Brian W., and Dennis M. Ritchie. 1988. The C Programming Language. Second Edition. Englewood Cliffs, NJ: Prentice-Hall. ISBN 0-13-110362-8.

[Koenig 1989] Koenig, Andrew. 1989. C Traps and Pitfalls. ISBN 0-201-17928-8. Reading, Massachusetts: Addison-Wesley Publishing Company.

[Kuperman 1999] Kuperman, Benjamin A., and Eugene Spafford. 1999. "Generation of Application Level Audit Data via Library Interposition." CERIAS Tech Report TR-99-11.

[Krsul 98] Krsul, Ivan, Eugene Spafford, and Mahesh Tripunitara. 1998. "An Analysis of Some Software Vulnerabilities."

[Maguire 1993] Maguire, Steve. 1993. Writing Solid Code: Microsoft's Techniques for Developing Bug-Free C Programs. ISBN 1-55615-551-4. Redmond, Washington: Microsoft Press.

[McClure 2001] McClure, Stuart, Joel Scambray, and George Kurtz. 1999. Hacking Exposed: Network Security Secrets and Solutions, Second Edition. Berkeley, CA: Osborne/McGraw-Hill. ISBN 0-07-212748-1.

[McConnell 1993] McConnell, Steve. 1993. Code Complete: A Practical Handbook of Software Construction. ISBN 1-55615-484-4. Redmond, Washington: Microsoft Press.

[McGraw 1999] McGraw, Gary, and Edward W. Felten. January 25, 1999. Securing Java: Getting Down to Business with Mobile Code, 2nd Edition. John Wiley & Sons. ISBN 047131952X.

[McGraw 2000a] McGraw, Gary and John Viega. March 1, 2000. "Make Your Software Behave: Learning the Basics of Buffer Overflows." See

[Mclean 2000] McLean, Ian. 2000. Windows 2000 Security. ISBN 1-57610-387-0. Scottsdale, Arizona: Coriolis.

[Merkow 1998] Merkow, Mark S., Jim Breihaupt, and Ken L. Wheeler. 1998. Building SET Applications for Secure Transactions. ISBN 0-471-28305-3. New York: John Wiley & Sons, Inc.

[Miller 1995] Miller, Barton P., David Koski, Cjin Pheow Lee, Vivekananda Maganty, Ravi Murthy, Ajitkumar Natarajan, and Jeff Steidl. 1995. Fuzz Revisited: A Re-examination of the Reliability of UNIX Utilities and Services. See

[Miller 1999] Miller, Todd C. and Theo de Raadt. "strlcpy and strlcat -- Consistent, Safe, String Copy and Concatenation." Proceedings of Usenix '99. See

[Mudge 1995] Mudge. October 20, 1995. "How to write Buffer Overflows." l0pht advisories. See

[NCSA 1997a] NCSA Secure Programming Guidelines. See

[NCSA 1997b] NCSA. 1997. "Writing Secure CGI Scripts." See

[NIST 1999] NIST. The Common Criteria for Information Technology Security Evaluation (CC). 1999. See

[Pattison 2000] Pattison, Ted. 2000. Programming Distributed Applications with COM+ and Microsoft Visual Basic. ISBN 0-7356-1010-X. Redmond, Washington: Microsoft Press.

[Phillips 1995] Phillips, Paul. September 3, 1995. Safe CGI Programming. See

[Pistoia 1999] Pistoia, Marco, Duane F. Reller, Deepak Gupta, Milind Nagnur, and Ashok K. Ramani. 1999. Java2 Network Security, Second Edition. ISBN 0-13-015592-6. Upper Saddle River, New Jersey: Prentice Hall.

[Rabinowitz 1989] Rabinowitz, Henry and Chaim Schapp. 1989. Portable C. ISBN 0-13-685967-4. Englewood Cliffs, New Jersey: Prentice Hall.

[Rain Forest Puppy 1999] rain.forest.puppy. 1999. "Perl CGI problems." Phrack Magazine. Issue 55, Article 07. or

[Ranum 1997] Ranum, Marcus J. 1997. "Security for Software Developers." See

[Ranum 1998] Ranum, Marcus J. 1998. "Security-critical coding for programmers - a C and UNIX-centric full-day tutorial." See

[Reshef 2000] Reshef, Eran, and Izhar Bar-Gad. "Web Application Security." See

[Rijmen 2000] Rijmen, Vincent. " Speaks With AES Winner." See

[Rochkind 1985] Rochkind, Marc J. Advanced Unix Programming. Englewood Cliffs, NJ: Prentice-Hall, Inc. ISBN 0-13-011818-4.

[Seifried 1999] Seifried, Kurt. October 9, 1999. Linux Administrator's Security Guide. See

[Salzer 1975] Saltzer, J.H., and M.D. Schroeder, "The Protection of Information in Computer Systems," Proc. IEEE, Vol. 63, No. 9, Sept. 1975, pp. 1278-1308.

[Shostack 1999] Shostack, Adam. June 1, 1999. Security Code Review Guidelines.

[Shrader 2000] Shrader, Theodore K., Bruce A. Rich, and Anthony J. Nadalin. 2000. Java and Internet Security. ISBN: 0-595-13500-5. San Jose:, Inc.

[Sibert 1996] Sibert, W. Olin. Malicious Data and Computer Security. (NIST) NISSC '96. See

[Sitaker 1999] Sitaker, Kragen. Feb 26, 1999. How to Find Security Holes.

[SSE-CMM 1999] SSE-CMM Project. April 1999. System Security Engineering Capability Maturity Model (SSE CMM) Model Description Document. Version 2.0. See

[Stein 1999] Stein, Lincoln D. September 13, 1999. The World Wide Web Security FAQ. Version 2.0.1

[Sun 2000] Sun Microsystems. 2000. "Secure Code Guidelines." See

[Swanson 1996] Swanson, Marianne, and Barbara Guttman. September 1996. "Generally Accepted Principles and Practices for Securing Information Technology Systems." NIST Computer Security Special Publication (SP) 800-14. See

[Thomas 2000] Thomas, Stephen A. 2000. SSL and TLS Essentials: Securing The Web. ISBN 0-471-38354-6. New York: John Wiley & Sons, Inc.

[Unknown] SETUID(7)

[Vacca 1996] Vacca, John. 1996. Internet Security Secrets. ISBN 1-56884-457-3. Foster City, California: IDG Books Worldwide, Inc.

[Van Biesbrouck 1996] Van Biesbrouck, Michael. April 19, 1996. See

[Venema 1996] Venema, Wietse. 1996. Murphy's law and computer security.

[Vitek 1999] Vitek, Jan and Christian D. Jensen (ed.). 1999. Secure Internet Programming: Security Issues For Mobile And Distributed Objects. ISBN 3-540-66130-1. New York: Springer-Verlag.

[W3C 1997] W3C. 1997. "The World Wide Web Security FAQ."

[Wheeler 2001] Wheeler, David A. Secure Programming for Linux and UNIX HOWTO. 2001. Self-published.

[Yoder 1998] Yoder, Joseph and Jeffrey Barcalow. 1998. Architectural Patterns for Enabling Application Security. PLoP '97.

National Security Agency (NSA). September 2000. Information Assurance Technical Framework (IATF). See


Site Contents Copyright (C) 2002, 2003 Mark G. Graff and Kenneth R. van Wyk. All Rights Reserved.