References
- OWASP.org, the OWASP Top Ten is a list of vulnerabilities that require immediate remediation, http://www.owasp.org/documentation/topten/introduction.html
- SPI Dynamics Inc, SQL Injection White Paper, SPI Dynamics Inc., 2002.
- Advisees Consulting Group, Writing Secure Web Applications, Advisees Consulting Group, 2004.
- CERT® Coordination Center, CERT® Advisory CA-2000-02, Malicious HTML Tags Embedded in Client Web Requests, CERT Coordination Center, Carnegie Mellon University, Pittsburgh PA 15213-3890, USA, 2000.
- Duffy, Kevin, et al., Professional JSP Site Design, Wrox Press, 2001.
- Anderson, Richard, et al., Professional ASP.NET 1.0, Wrox Press, 2002.
- CERT® Coordination Center, Understanding Malicious Content Mitigation for Web Developers, CERT Coordination Center, Carnegie Mellon University, Pittsburgh PA 15213-3890, USA, 2000.
- Ollmann, Gunter, Understanding the cause and effect of CSS (XSS) Vulnerabilities, http://www.technicalinfo.net/papers/CSS.html
- W. Halfond and A. Orso, Combining Static Analysis and Runtime Monitoring to Counter SQL-Injection Attacks, Proceedings of the Third International ICSE Workshop on Dynamic Analysis, WODA 2005.
- W. Halfond and A. Orso, AMNESIA: Analysis and Monitoring for Neutralizing SQL-Injection Attacks, Proceedings of the IEEE and ACM International Conference on Automated Software Engineering, ASE 2005.
- Rabek, Jesse C., et al., Detection of Injected, Dynamically Generated, and Obfuscated Malicious Code, Defense Advanced Project Agency (DARPA), Copyright Association for Computing Machinery, ACM, 2003.
- Huang, Yao-Wen, et al., Securing Web Application Code by Static Analysis and Runtime Protection, New York, New York, USA, 2004.
- Jerry Lee Ford, Jr and William R. Stanek, Increase Your Web Traffic, fourth edition, Thomson Course Technology, 2006.
- Joel Scambray, Mike Shema and Caleb Sima, Hacking Web Applications Exposed, second edition, The McGraw-Hill Companies, 2006, p. 238.
- Stuart McClure, Joel Scambray and George Kurtz, Hacking Exposed, Network Security Secrets & Solutions, fifth edition, The McGraw-Hill Companies, 2005, pp. 581-582.
- Hackademix website, http://hackademix.net/2007/08/12/united-nations-vs-sql-injections/