[web]
Kukinews
/ 2011
/ [Financial hacking is an Emergency] Hacking Method Viewed by Experts
/ http://news.kukinews.com/article/view.asp?page=1&gCode=kmi&arcid=0004844041&cp=du
[web]
WhiteHat Security, Inc
/ 2011
/ Measuring Website Security: Windows of Exposure
/ http://img.en25.com/Web/WhiteHatSecurityInc/WPstats_winter11_11th.pdf
[web]
/ 2011
/ National Institute of Standards and Technology. National Vulnerability Database (NVD)
/ http://nvd.nist.gov
[confproc]
R. A. Martin
/ 2005
/ The Case for Common Flaw Enumeration
/ NIST Workshop on Software Security Assurance Tools, Techniques and Metrics
[confproc]
R. A. Martin
/ 2006
/ A Status Update : The Common Weaknesses Enumeration
/ Proc. of the Static Analysis Summit (NIST Special Publication 500-262)
: 62~64
[confproc]
A. Tripathi
/ 2010
/ Towards Standardization of Vulnerability Taxonomy
/ Proc. of the 2nd International Conference on Computer Technology and Development (ICCTD)
: 379~384
[confproc]
K. Tsipenyuk
/ 2005
/ Seven Pernicious Kingdoms : A Taxonomy of Software Security Errors
/ IEEE Security & Privacy
: 81~84
[confproc]
J. A. Wang
/ 2009
/ Security metrics for software systems
/ Proc. of the 47th Annual Southeast Regional Conference (ACM-SE-47)
[book]
A. Wiesmann
/ 2005
/ A Guide to Building Secure Web Applications and Web Services
/ OWASP
[web]
/ The Open Web Application Security Project (OWASP)
/ http://www.owasp.org
[web]
/ Homeland Security: Common Weakness Enumeration (CWE)
/ http://cwe.mitre.org
[book]
M. Howard
/ 2005
/ 19 Deadly Sins of Software Security - Programming Flaws and How to Fix Them
/ McGraw-Hill
[confproc]
S. Wagner
/ 2009
/ A Security Requirements Approach for Web Systems
/ Proc. of Quality Assessment in Web (QAW2009)
[confproc]
P. Mell
/ 2006
/ Common Vulnerability Scoring System
/ IEEE Security & Privacy
: 85~89
[journal]
Y. Kim
/ 2010
/ Analysis and Documentation of Korean Common Weakness Enumeration for Software Security
/ Communications of the Korean Institute of Information Scientists and Engineers
28
(2)
: 20~31
[web]
/ CWE-79 Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
/ http://cwe.mitre.org/data/definitions/79.html