[Image: an abstract image of dark and bright glowing shades. © Elena Kichigina/Shutterstock]

References

“5 Common Web Application Security Vulnerabilities” (Aardwolf Security, December 2020). https://aardwolfsecurity.com/5-common-web-application-security-vulnerabilities/ (accessed February 5, 2022).

“A Guide to Building Secure Web Applications (OWASP 2022).” https://www.cgisecurity.com/owasp/html/ (accessed on October 20, 2021).

“About Licenses” (Creative Commons, n.d.). http://creativecommons.org/about/licenses/ (accessed December 12, 2021).

Alberts, Christopher, and Audrey Dorofee. Managing Information Security Risks: The OCTAVE Approach. Boston: Addison-Wesley, 2003.

Alhadidi, D., M. Debbabi, and P. Bhattacharya. “New AspectJ Pointcuts for Integer Overflow and Underflow Detection.” Information Security Journal: A Global Perspective 17, no. 5/6 (2008): 278–287.

Alibegovic, Dzevad. “HTTP Request Smuggling: Complete Guide to Attack Types and Prevention” (Bright Security, Inc., August 2021). https://brightsec.com/blog/http-request-smuggling-hrs/ (accessed January 18, 2022).

Baykara, Surkay. “What are the PCI DSS Firewall and Router Configuration Requirements” (PCI DSS Guide). https://www.pcidssguide.com/what-are-the-pci-dss-firewall-and-router-configuration-requirements/ (accessed March 10, 2022).

Bennett, Shea R. “Minimum Age Requirements: Twitter, Facebook, Instagram, Snapchat, WhatsApp, Secret,” Advertising Week/Social Times, September 29, 2014. http://www.adweek.com/socialtimes/social-media-minimum-age/501920 (accessed June 17, 2015).

Berners-Lee, Tim, and Mark Fischetti. Weaving the Web: The Original Design and Ultimate Destiny of the World Wide Web. San Francisco: Harper, 2000.

“Black-box vs. White-box Testing” (PractiTest). https://www.practitest.com/qa-learningcenter/resources/black-box-vs-white-box-testing/ (accessed January 15, 2022).

Bledsoe, Everett. “What Is Electronic Warfare?—A Detailed Look” (The Soldiers Project, May 2, 2022). https://www.thesoldiersproject.org/what-is-electronic-warfare/ (accessed March 15, 2022).

Boberski, Mike. “A Guide to Building Secure Web Applications and Web Services” (OWASP Guide Project). http://www.owasp.org/index.php/Category:OWASP_Guide_Project#tab=Project_Details (accessed January 31, 2022).

“Business Transaction” (ContractsCounsel). https://www.contractscounsel.com/t/us/business-transaction (accessed February 21, 2022).

Chandra, Pravir. “Software Assurance Maturity Model: A Guide to Building Security into Software Development” version 1.0 (The Open Web Application Security Project, 2009). http://www.opensamm.org/downloads/SAMM-1.0.pdf (accessed May 12, 2010).

Curphey, Mark, Joel Scambray, and Erik Olson. “Improving Web Application Security: Threats and Countermeasures” (Microsoft, June 30, 2003). http://www.cgisecurity.com/lib/Threats_Countermeasures.pdf (accessed May 13, 2010).

CVE Top 25, CVE-2008-2249. “Integer Overflow in GDI.” https://www.cvedetails.com/cve/CVE-2008-2249/ (accessed March 22, 2022).

Cybersecurity & Infrastructure Security Agency (CISA). “Personal Security Considerations.” https://www.cisa.gov/publication/personal-security-considerations (accessed September 22, 2021).

“Data Protection” (European Commission). https://ec.europa.eu/info/law/law-topic/data-protection_en (accessed March 1, 2022).

Demchenko, Maryna. “Software Development Life Cycle: A Guide to Phases and Models” (nCube). https://ncube.com/blog/software-development-life-cycle-guide (accessed February 1, 2022).

“eCommerce Compliance: 5 Key Requirements and How to Comply” (BlueCheck, Inc., May 2021). https://blog.bluecheck.me/ecommerce-compliance (accessed January 10, 2022).

Egan, Matt. “What Is the Dark Web, What's on It & How to Access It.” Tech Advisor. https://www.techadvisor.com/how-to/internet/dark-web-3593569/ (accessed April 2, 2022).

“Electronic Communications Privacy Act of 1986” (U.S. Department of Justice, Justice Information Sharing, February 27, 2009). http://www.it.ojp.gov/default.aspx?area=privacy&page=1285 (accessed March 1, 2010).

Federal Bureau of Investigation. “Internet Social Networking Risks.” https://www.fbi.gov/file-repository/internet-social-networking-risks-1.pdf/view (accessed April 1, 2022).

Gerwin, Kate. “How to Manage Email Security Risks and Threats” (TechTarget, April 2019). https://www.techtarget.com/searchsecurity/essentialguide/How-to-manage-email-security-risks-and-threats (accessed February 20, 2022).

Google, Inc. “Analytics.” n.d. http://www.google.com/analytics/ (accessed March 16, 2022).

Hampson, Marshall. “How To Ensure Your Mobile Communication Security and Why Is Important” (Soprano Design Limited, n.d.). https://www.sopranodesign.com/learn/mobile-messaging/mobile-communication-security/ (accessed February 17, 2022).

Huang, H.-C., Z.-K. Zhang, H.-W. Cheng, and S. W. Shieh. “Web Application Security: Threats, Countermeasures, and Pitfalls.” Computer 50, no. 6 (2017): 81–85.

Heartbleed Bug. “The Heartbleed Bug.” April 29, 2014. http://heartbleed.com/ (accessed March 15, 2015).

Hickey, Brian. “Security awareness, training, and education” (Infosec, August 2018). https://resources.infosecinstitute.com/topic/security-awareness-training-and-education/ (accessed March 20, 2022).

“HTML 5 Specification” (World Wide Web Consortium, October 24, 2018). https://www.w3.org/TR/2014/REC-html5-20141028/ (accessed November 12, 2021).

“Implementing Effective Vulnerability Remediation Strategies Within the Web Application Development Lifecycle” (TestingStuff, n.d.). http://www.testingstuff.com/articles/Effective%20Web%20App%20Vul%20Remediation.html (accessed January 20, 2022).

InfoSec Institute. “Exploiting Unintended Data Leakage (Side Channel Data Leakage).” April 29, 2014. http://resources.infosecinstitute.com/android-hacking-security-part-4-exploiting-unintended-data-leakage-side-channel-data-leakage/ (accessed December 11, 2021).

Ingalls, Sam. “What Is a Client-Server Model? A Guide to Client-Server Architecture” (ServerWatch, November 2021). https://www.serverwatch.com/guides/client-server-model/ (accessed October 10, 2021).

Jones, Caitlin. “50 Web Security Stats You Should Know in 2022” (Expert Insights, January 2022). https://expertinsights.com/insights/50-web-security-stats-you-should-know/ (accessed January 12, 2022).

Jouini, Mouna, and Latifa Ben Arfa Rabai. “Threats Classification: State of the Art.” In Computer Systems and Software Engineering: Concepts, Methodologies, Tools, and Applications. Edited by Information Resources Management Association. Hershey, PA: IGI Global, 2018: 1851–76. https://doi.org/10.4018/978-1-5225-3923-0.ch077.

Kallos, Judith. “What is website analytics — and how can it help your business grow?” (GoDaddy, August 2019). https://www.godaddy.com/garage/what-is-website-analytics/ (accessed April 10, 2022).

Manes, Stephen. “Ounces of Protection.” Forbes 175, no. 5 (2005): 70. Academic Search Premier, EBSCOhost.

Microsoft Corporation. “Advanced Security Audit Policy Settings,” September 16, 2017. https://docs.microsoft.com/en-us/previous-versst.

Neely, Pam. “8 Reasons Why Email Is Still the Killer App—For Now” (Business 2 Community). https://www.business2community.com/brandviews/act-on/8-reasons-email-still-killer-app-now-01472761 (accessed December 29, 2021).

“Nessus: the Network Vulnerability Scanner” (Tenable Network Security, n.d.). http://www.nessus.org/nessus/ (accessed November 27, 2021).

“OWASP Code Review Guide 2.0” (OWASP Foundation, 2017). https://owasp.org/www-project-code-review-guide/assets/OWASP_Code_Review_Guide_v2.pdf (accessed December 12, 2021).

“OWASP Mobile Security.” https://www.owasp.org/index.php/OWASP_Mobile_Security_Project (accessed November 17, 2021).

OWASP Foundation. OWASP Developer Guide, n.d. https://github.com/OWASP/DevGuide/tree/dc5a2977a4797d9b98486417a5527b9f15d8a251/DevGuide2.0.1 (accessed March 15, 2015).

“OWASP Top 10 Privacy Risks.” https://owasp.org/www-project-top-10-privacy-risks/ (accessed October 17, 2021).

“OWASP Top 10—2010: The Ten Most Critical Web Application Security Risks” (The Open Web Application Security Project, April 19, 2010). http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202010.pdf (accessed May 12, 2010).

“OWASP Web Security Testing Guide V4.2.” OWASP Foundation. (accessed January 12, 2022).

Payment Card Industry Security Standards Council. “PCI Security.” https://www.pcisecuritystandards.org/pci_security/ (accessed March 15, 2022).

“PCI Compliance Made Easy” (TraceSecurity, August 2007). http://www.tracesecurity.com/docs/PCI-DSS-Compliance.pdf (accessed May 1, 2010).

“PCI DSS Security Audit Procedures, Version 1.1” (PCI Security Standards Council, September 2006). https://www.pcisecuritystandards.org/pdfs/pci_audit_procedures_v1-1.pdf (accessed May 1, 2010).

“PCI DSS: 5 Guidelines for Gaining PCI Compliance” (PCI Compliance Guide, n.d.). http://www.pcicomplianceguide.org/merchants-20071022-gaining-pci-compliance.php (accessed May 1, 2010).

“Phishing Vigilance: What Your Employees Must Know to Identify and Stop Attacks” (ECI Software Solutions). https://www.ecisolutions.com/blog/phishing-vigilance-what-your-employees-must-know-to-identify-and-stop-attacks/ (accessed December 31, 2021).

Phithakkitnukoon, Santi, Ram Dantu, and Enkh-Amgalan Baatarjav. “VoIP Security—Attacks and Solutions.” Information Security Journal: A Global Perspective 17, no. 3 (2008): 114–123.

“Plaintiffs’ Petition for Damages” letter from the law offices of Al Robert Jr. (Wired, November 2009). http://www.wired.com/images_blogs/threatlevel/2009/11/radiant-petition.pdf (accessed May 1, 2010).

“Principles of Cyber Exposure” (Tenable Network Security, n.d.). https://www.tenable.com/principles (accessed February 10, 2022).

Rosenblum, David. “What Anyone Can Know: The Privacy Risks of Social Networking Sites.” IEEE Security and Privacy (IEEE Educational Activities Department) 5, no. 3 (May/June 2007): 40–49.

Seacord, Robert, and Martin Sebor. “Top 10 Secure Coding Practices” (CERT, February 23, 2010). https://www.securecoding.cert.org/confluence/display/seccode/Top+10+Secure+Coding+Practices (accessed May 12, 2010).

“Secure Coding Guidelines and Best Practices For Developers” (Software Testing Help). https://www.softwaretestinghelp.com/guidelines-for-secure-coding/ (accessed January 15, 2022).

“Secure Coding Guidelines for the Java Programming Language, Version 3.0” (Oracle, 2010). http://java.sun.com/security/seccodeguide.html (accessed May 12, 2010).

“Secure coding practices every developer should know” (Snyk Ltd., n.d.). https://snyk.io/learn/secure-coding-practices/ (accessed February 10, 2022).

“Security Considerations for Your Small Business” (National Protective Services Web Admin, September 2021). https://www.npsva.com/blog/security-considerations-for-your-small-business/ (accessed November 15, 2021).

“Security Policies and Procedures” wiki (Internet2, August 6, 2009). https://wiki.internet2.edu/confluence/display/secguide/Security+Policies+and+Procedures (accessed May 18, 2010).

Shiflett, Chris. “Security Corner: Session Fixation.” Reprint of article from php|architect, February 16, 2004. http://shiflett.org/articles/session-fixation (accessed April 22, 2010).

Siddharth, Sumit. “Five Common Web Application Vulnerabilities” (Symantec Connect, April 27, 2006). http://www.symantec.com/connect/articles/five-common-Web-application-vulnerabilities (accessed May 13, 2010).

Sima, Caleb, and Vincent Liu. “Implementing Effective Vulnerability Remediation Strategies Within the Web Application Development Lifecycle” (Toolbox for IT, 2010). http://hosteddocs.ittoolbox.com/CS0815072.pdf (accessed May 18, 2010).

“Staying a Step Ahead of the Hackers: The Importance of Identifying Critical Web Application Vulnerabilities,” white paper (IBM Service Management, June 2008). ftp://public.dhe.ibm.com/common/ssi/sa/wh/n/gmw14021usen/GMW14021USEN.PDF (accessed May 12, 2010).

Stevens, Gary. “Most Common Website Vulnerabilities [2022 Update]” (Hosting Canada, February 2022). https://hostingcanada.org/website-vulnerabilities/ (accessed March 1, 2022).

Symantec Corporation. “Norton: Your Security Resource: Top 5 Social Media Scams,” n.d. http://ca.norton.com/yoursecurityresource/detail.jsp?aid=social_media_scams (accessed March 13, 2015).

“Technical and Operational Requirements for Approved Scanning Vendors (ASVs),” version 1.1 (PCI Security Standards Council, 2006). https://www.pcisecuritystandards.org/pdfs/pci_dss_technical_and_operational_requirements_for_approved_scanning_vendors_ASVs_v1-1.pdf (accessed May 12, 2010).

The International Society of Forensic Computer Examiners—ISFCE. “CCE Certification,” n.d. https://www.isfce.com/certification.htm (accessed April 27, 2015).

Tomayko, David. “Software Configuration Management.” SEI Curriculum Module SEI-CM-4-1.4 (Carnegie Mellon University, Software Engineering Institute, December 1990). http://www.sei.cmu.edu/reports/87cm004.pdf (accessed May 12, 2010).

Tressler, Colleen. “Consumers Told It to the FTC: Top 10 Complaints for 2014.” Federal Trade Commission Consumer Information, Feb. 27, 2015. http://www.consumer.ftc.gov/blog/consumers-told-it-ftc-top-10-complaints-2014 (accessed March 31, 2015).

Tunggal, Abi Tyas. “What Is Cybersecurity Risk? A Thorough Definition.” https://www.upguard.com/blog/cybersecurity-risk (accessed March 7, 2022).

U.S. Federal Trade Commission. “Phishing Scams.” https://www.ftc.gov/news-events/topics/identity-theft/phishing-scams (accessed March 5, 2022).

Virgillito, Dan. “Introduction to Secure Software Development Life Cycle.” June 9, 2021. https://resources.infosecinstitute.com/topic/introduction-to-secure-software-development-life-cycle/ (accessed March 16, 2022).

“Virtualization: Appealing in a Tough Economy.” Information Today, January 1, 2010.

“Web Analytics Association” (Web Analytics Association, n.d.). http://www.Webanalyticsassociation.org/ (accessed May 18, 2010).

“Web Application Vulnerabilities: Most Common Types to Beware” (Trending American, March 2022). https://trendingamerican.com/web-application-vulnerabilities-most-common-types-to-beware/ (accessed February 5, 2022).

“Welcome to the PCI Security Standards Council” (2006–2015). https://www.pcisecuritystandards.org (accessed March 15, 2015).

“What Are Standards?” (ETSI, 2010). http://www.etsi.org/WebSite/Standards/WhatIsAStandard.aspx (accessed May 18, 2010).

“What Errors Are Included in the Top 25 Programming Errors?” (SANS, 2010). http://www.sans.org/top25-programming-errors/ (accessed May 12, 2010).

“What Is Network Security Policy Management?” (Cisco Systems, n.d.). https://www.cisco.com/c/en_au/products/security/what-is-network-security-policy-management.html (accessed December 18, 2021).

“What Is Revision Control?” (Klariti, n.d.). http://www.klariti.com/technical-writing/What-is-Revision-Control.shtml (accessed May 12, 2010).
