[ Pobierz całość w formacie PDF ]
.K.The Unix Auditor's Practical Handbook.http://www.nii.co.in/tuaph.html.[Mudge 1995] Mudge.October 20, 1995.How to write Buffer Overflows.l0pht advisories.http://www.l0pht.com/advisories/bufero.html.[Murhammer 1998] Murhammer, Martin W., Orcun Atakan, Stefan Bretz, Larry R.Pugh, Kazunari Suzuki,and David H.Wood.October 1998.TCP/IP Tutorial and Technical Overview IBM International TechnicalSupport Organization.http://www.redbooks.ibm.com/pubs/pdfs/redbooks/gg243376.pdf[NCSA] NCSA Secure Programming Guidelines.http://www.ncsa.uiuc.edu/General/Grid/ACES/security/programming.[Neumann 2000] Neumann, Peter.2000."Robust Nonproprietary Software." Proceedings of the 2000 IEEESymposium on Security and Privacy (the ``Oakland Conference''), May 14-17, 2000, Berkeley, CA.LosAlamitos, CA: IEEE Computer Society.pp.122-123.Chapter 13.Bibliography 146Secure Programming for Linux and Unix HOWTO[NSA 2000] National Security Agency (NSA).September 2000.Information Assurance Technical Framework(IATF).http://www.iatf.net.[Open Group 1997] The Open Group.1997.Single UNIX Specification, Version 2 (UNIX 98).http://www.opengroup.org/online-pubs?DOC=007908799.[OSI 1999] Open Source Initiative.1999.The Open Source Definition.http://www.opensource.org/osd.html.[Opplinger 1998] Oppliger, Rolf.1998.Internet and Intranet Security.Norwood, MA: Artech House.ISBN0-89006-829-1.[Paulk 1993a] Mark C.Paulk, Bill Curtis, Mary Beth Chrissis, and Charles V.Weber.Capability MaturityModel for Software, Version 1.1.Software Engineering Institute, CMU/SEI-93-TR-24.DTIC NumberADA263403, February 1993.http://www.sei.cmu.edu/activities/cmm/obtain.cmm.html.[Paulk 1993b] Mark C.Paulk, Charles V.Weber, Suzanne M.Garcia, Mary Beth Chrissis, and Marilyn W.Bush.Key Practices of the Capability Maturity Model, Version 1.1.Software Engineering Institute.CMU/SEI-93-TR-25, DTIC Number ADA263432, February 1993.[Peteanu 2000] Peteanu, Razvan.July 18, 2000.Best Practices for Secure Web Development.http://members.home.net/razvan.peteanu[Pfleeger 1997] Pfleeger, Charles P.1997.Security in Computing.Upper Saddle River, NJ: Prentice-HallPTR.ISBN 0-13-337486-6.[Phillips 1995] Phillips, Paul.September 3, 1995.Safe CGI Programming.http://www.go2net.com/people/paulp/cgi-security/safe-cgi.txt[Quintero 1999] Quintero, Federico Mena, Miguel de Icaza, and Morten Welinder GNOME ProgrammingGuidelines http://developer.gnome.org/doc/guides/programming-guidelines/book1.html[Raymond 1997] Raymond, Eric.1997.The Cathedral and the Bazaar.http://www.catb.org/~esr/writings/cathedral-bazaar[Raymond 1998] Raymond, Eric.April 1998.Homesteading the Noosphere.http://www.catb.org/~esr/writings/homesteading/homesteading.html[Ranum 1998] Ranum, Marcus J.1998.Security-critical coding for programmers - a C and UNIX-centricfull-day tutorial.http://www.clark.net/pub/mjr/pubs/pdf/.[RFC 822] August 13, 1982 Standard for the Format of ARPA Internet Text Messages.IETF RFC 822.http://www.ietf.org/rfc/rfc0822.txt.[rfp 1999] rain.forest.puppy.1999.``Perl CGI problems''.Phrack Magazine.Issue 55, Article 07.http://www.phrack.com/search.phtml?view&article=p55-7 or http://www.insecure.org/news/P55-07.txt.[Rijmen 2000] Rijmen, Vincent."LinuxSecurity.com Speaks With AES Winner".http://www.linuxsecurity.com/feature_stories/interview-aes-3.html.[Rochkind 1985].Rochkind, Marc J.Advanced Unix Programming.Englewood Cliffs, NJ: Prentice-Hall, Inc.ISBN 0-13-011818-4.Chapter 13.Bibliography 147Secure Programming for Linux and Unix HOWTO[Sahu 2002] Sahu, Bijaya Nanda, Srinivasan S.Muthuswamy, Satya Nanaji Rao Mallampalli, and Venkata R.Bonam.July 2002 ``Is your Java code secure -- or exposed? Build safer applications now to avoid troublelater'' http://www-106.ibm.com/developerworks/java/library/j-staticsec.html?loc=dwmain[St.Laurent 2000] St.Laurent, Simon.February 2000.XTech 2000 Conference Reports.``When XML GetsUgly''.http://www.xml.com/pub/2000/02/xtech/megginson.html.[Saltzer 1974] Saltzer, J.July 1974.``Protection and the Control of Information Sharing in MULTICS''.Communications of the ACM.v17 n7.pp.388-402.[Saltzer 1975] Saltzer, J., and M.Schroeder.September 1975.``The Protection of Information in ComputingSystems''.Proceedings of the IEEE.v63 n9.pp.1278-1308.http://www.mediacity.com/~norm/CapTheory/ProtInf.Summarized in [Pfleeger 1997, 286].[Schneider 2000] Schneider, Fred B.2000."Open Source in Security: Visting the Bizarre." Proceedings of the2000 IEEE Symposium on Security and Privacy (the ``Oakland Conference''), May 14-17, 2000, Berkeley,CA.Los Alamitos, CA: IEEE Computer Society.pp.126-127.[Schneier 1996] Schneier, Bruce.1996.Applied Cryptography, Second Edition: Protocols, Algorithms, andSource Code in C.New York: John Wiley and Sons.ISBN 0-471-12845-7.[Schneier 1998] Schneier, Bruce and Mudge.November 1998.Cryptanalysis of Microsoft's Point-to-PointTunneling Protocol (PPTP) Proceedings of the 5th ACM Conference on Communications and ComputerSecurity, ACM Press.http://www.counterpane.com/pptp.html.[Schneier 1999] Schneier, Bruce.September 15, 1999.``Open Source and Security''.Crypto-Gram.Counterpane Internet Security, Inc.http://www.counterpane.com/crypto-gram-9909.html[Seifried 1999] Seifried, Kurt.October 9, 1999 [ Pobierz całość w formacie PDF ]