Bibliography

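The research on automated threats to web applications used the following academic, open source, commercial and news sources. OWASP is a worldwide not-for-profit charitable organization focused on improving the security of software. We operate under a vendor-neutral policy and do not endorse products or services.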

  • 10 years of Application Security, Denyall http://www.denyall.com/resources/whitepapers/?aliId=3438442

  • 2012 Payment Card Threat Report https://www.securitymetrics.com/static/resources/orange/2012%20Payment%20Card%20Threat%20Report%20copy.pdf

  • 2014 Bot Traffic Report: Just the Droids You were Looking for http://www.incapsula.com/blog/bot-traffic-report-2014.html

  • 3 Types of ‘Return Fraud’ to Monitor this Holiday Season http://www.practicalecommerce.com/articles/3168-3-Types-of-%E2%80%98Return-Fraud-to-Monitor-this-Holiday-Season

  • 7 Ways Bots Hurt Your Website, Distil Networks http://www.distilnetworks.com/7-ways-bots-hurt-website-whitepaper/

  • Abusing HTML 5 Structured Client-side Storage 2008 http://packetstorm.wowhacker.com/papers/general/html5whitepaper.pdf

  • Acquiring Experience with Ontology and Vocabularies, Walt Melo, Risa Mayan and Jean Stanford, 2011 http://www.omg.org/news/meetings/workshops/SOA-HC/presentations-2011/13_SC-6_Melo_Stanford_Mayan.pdf

  • An Anatomy of a SQL Injection Attack Hacker Intelligence Initiative Imperva http://www.imperva.com/docs/HII_An_Anatomy_of_a_SQL_Injection_Attack_SQLi.pdf

  • The Anatomy of Clickbot.A https://www.usenix.org/legacy/event/hotbots07/tech/full_papers/daswani/daswani.pdf

  • Anatomy of comment spam Hacker Intelligence Initiative Imperva http://www.imperva.com/docs/HII_Anatomy_of_Comment_Spam.pdf

  • Anti-Automation Monitoring and Prevention 2015 https://www.clerkendweller.uk/2015/1/29/AntiAutomation-Monitoring-and-Prevention

  • Anti-DDoS Solution for Internet Corporation http://www.nsfocus.com/uploadfile/Solution/NSFOCUS%20Anti-DDoS%20Solution%20for%20Internet%20Corporation.pdf

  • Anti-Fraud Principles and Proposed Taxonomy Sep 2014 http://www.iab.net/media/file/IAB_Anti_Fraud_Principles_and_Taxonomy.pdf

  • Apache Security Ivan Ristic

  • Application Security Desk Reference, OWASP https://www.owasp.org/index.php/Category:OWASP_ASDR_Project

  • Application Security Guide For CISOs, OWASP, 2013 https://www.owasp.org/index.php/File:Owasp-ciso-guide.pdf

  • AppSensor, OWASP https://www.owasp.org/index.php/OWASP_AppSensor_Project

  • Attack & Defense Labs http://www.andlabs.org/html5.html

  • Attack categories OWASP https://www.owasp.org/index.php/Category:Attack

  • Attack Trees, Schneier, Dr. Dobb's Journal, December 1999 https://www.schneier.com/paper-attacktrees-ddj-ft.html

  • Attacking with HTML5 2010 https://media.blackhat.com/bh-ad-10/Kuppan/Blackhat-AD-2010-Kuppan-Attacking-with-HTML5-wp.pdf

  • Automated attacks Hacker Intelligence Initiative Imperva http://www.imperva.com/docs/HII_Automation_of_Attacks.pdf

  • Avoiding the Top 10 Software Security Design Flaws http://cybersecurity.ieee.org/images/files/images/pdf/CybersecurityInitiative-online.pdf

  • Bad Bots On The Rise Dec 2014 http://www.darkreading.com/informationweek-home/bad-bots-on-the-rise/d/d-id/1318276

  • Banking Botnets Persist Despite Takedowns, Dell SecureWorks, 2015 http://www.secureworks.com/cyber-threat-intelligence/threats/banking-botnets-persist-despite-takedowns/

  • The Barracuda Web Application Firewall: XML Firewall https://www.barracuda.com/assets/docs/White_Papers/Barracuda_Web_Application_Firewall_WP_XML_Firewall.pdf

  • Blocking Brute Force Attacks http://www.cs.virginia.edu/~csadmin/gen_support/brute_force.php

  • Bot Traffic Growing Problem for Digital Oct 2014 http://www.netnewscheck.com/article/36537/bot-traffic-growing-problem-for-digital

  • BotoPedia Incapsula http://www.botopedia.org/

  • Boy in the Browser Imperva http://www.imperva.com/DefenseCenter/ThreatAdvisories/Boy_in_the_Browser

  • Business Logic Attacks - Bots and BATs, Eldad Chai, 2009 http://www.owasp.org/images/9/96/AppSecEU09_BusinessLogicAttacks_EldadChai.ppt

  • Bypassing Client Application Protection Techniques http://www.securiteam.com/securityreviews/6S0030ABPE.html

  • A CAPTCHA in the Rye Hacker Intelligence Initiative Imperva http://www.imperva.com/docs/HII_a_CAPTCHA_in_the_Rye.pdf

  • Characterizing Large Scale Click fraud http://cseweb.ucsd.edu/~voelker/pubs/za-ccs14.pdf

  • Charter Addition Proposal: "Trusted Code" for the Web https://lists.w3.org/Archives/Public/public-webappsec/2015Mar/0150.html

  • A cheesy Apache / IIS DoS vuln (+a question) http://www.securityfocus.com/archive/1/456339/30/0/threaded

  • China's Man-on-the-Side Attack on GitHub http://www.netresec.com/?page=Blog&month=2015-03&post=China%27s-Man-on-the-Side-Attack-on-GitHub

  • The CISO Survey and Report, OWASP, 2013 https://www.owasp.org/index.php/File:Owasp-ciso-report-2013-1.0.pdf

  • Common Attack Pattern Enumeration and Classification (CAPEC), Mitre https://capec.mitre.org/

  • Common Cyber Attacks: Reducing the Impact CERT-UK https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/400106/Common_Cyber_Attacks-Reducing_The_Impact.pdf

  • Corporate espionage – the internet’s new growth industry http://www.itproportal.com/2015/03/19/corporate-espionage-internets-new-growth-industry/

  • CSA Top Threats to Cloud Computing https://cloudsecurityalliance.org/topthreats/csathreats.v1.0.pdf

  • CSRF vulnerability in GMail service http://seclists.org/fulldisclosure/2009/Mar/29

  • CWE/SANS Top 25 Most Dangerous Software Errors, 2011 http://cwe.mitre.org/top25/

  • Cyber Fraud - Tactics Techniques and Procedures http://www.crcpress.com/product/isbn/9781420091274

  • Cybercrime Report: Q1 2015, ThreatMetrix, 2015 http://info.threatmetrix.com/WP-2015Q1CybercrimeReport_WP-LP.html

  • Data Breach Investigations Report (DBIR), 2014 http://www.verizonenterprise.com/DBIR/2014/

  • Data Breach Investigations Report (DBIR), 2015 http://www.verizonenterprise.com/DBIR/2015/

  • Data Breaches Fuel Login Attacks Akamai Feb 2015 http://www.stateoftheinternet.com/downloads/pdfs/2014-state-of-the-internet-threat-advisory-public-data-breaches-fuel-login-attacks.pdf

  • Data Scraping Wikipedia http://en.wikipedia.org/wiki/Data_scraping

  • DDoS Quick Guide https://www.us-cert.gov/sites/default/files/publications/DDoS%20Quick%20Guide.pdf

  • DDoS Threat Landscape Report, 2013-2014 http://lp.incapsula.com/rs/incapsulainc/images/2013-14_ddos_threat_landscape.pdf

  • Defending Against an Internet-based Attack on the Physical World http://avirubin.com/scripted.attacks.pdf

  • Defending Against Application-Based DDoS Attacks with the Barracuda Web Application Firewall https://www.barracuda.com/assets/docs/White_Papers/Barracuda_Web_Application_Firewall_WP_Defending%20_Against_%20Application-Based_%20DDoS_%20Attacks.pdf

  • Demystifying HTML 5 Attacks http://resources.infosecinstitute.com/demystifying-html-5-attacks/

  • Denial of Service Attacks: A Comprehensive Guide to Trends Techniques and Technologies Hacker Intelligence Initiative Imperva http://www.imperva.com/docs/HII_Denial_of_Service_Attacks-Trends_Techniques_and_Technologies.pdf

  • Detecting and Blocking Site Scraping Attacks Imperva http://www.imperva.com/docs/WP_Detecting_and_Blocking_Site_Scraping_Attacks.pdf

  • Detecting Automation of Twitter Accounts: Are you a human cyborg or a bot? http://www.cs.wm.edu/~hnw/paper/tdsc12b.pdf

  • Detecting Malice Robert "RSnake" Hansen 2009 http://www.detectmalice.com/

  • Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications) http://eur-lex.europa.eu/legal-content/EN/TXT/?qid=1414072277428&uri=CELEX:32002L0058

  • Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data http://eur-lex.europa.eu/legal-content/en/ALL/?uri=CELEX:31995L0046

  • Distributed Denial-of-Service (DDoS) Cyber-Attacks Risk Mitigation and Additional Resources Federal Financial Institutions Examination Council http://www.ffiec.gov/press/PDF/FFIEC%20DDoS%20Joint%20Statement.pdf

  • Do Evil - The Business of Social Media Bots Forbes http://www.forbes.com/sites/lutzfinger/2015/02/17/do-evil-the-business-of-social-media-bots/

  • DoS and DDoS Glossary of Terms prolexic http://www.prolexic.com/knowledge-center-dos-and-ddos-glossary.html#layer-7-ddos-attack

  • E-commerce Malware Trustwave https://gsr.trustwave.com/topics/placeholder-topic/e-commerce-malware/

  • Exploiting Software, G. Hoglund and G. McGraw, Addison-Wesley, 2004

  • Five Trends to Track in E-Commerce Fraud, ThreatMetrix, 2013 http://info.threatmetrix.com/rs/threatmetrix/images/Five_Trends_eCommerce_Fraud_WP.pdf

  • Hacker builds cheatbot for hit app Trivia Crack http://www.theregister.co.uk/2015/03/26/hacker_builds_trivia_crack_cheat_app/

  • Has Walmart opened itself up to “Denial of inventory” attacks? https://arstechnica.com/business/2012/05/has-walmart-opened-itself-up-to-denial-of-inventory-attacks/

  • How Hoarder Bots Steal sales from Online Retailers https://www.internetretailer.com/mobile/2016/12/16/how-hoarder-bots-steal-sales-online-retailers

  • How to Defend Against DDoS Attacks - Strategies for the Network Transport and Application Layers Prolexic http://www.prolexic.com/kcresources/white-paper/strategies-for-the-network-transport-and-application-layers-412/Strategies_for_the_Network_Transport_and_Application_Layers_Prolexic_White_Paper_A4_082412.pdf

  • How to Defend Online Travel Websites in the Era of Site Scraping, Distil Networks http://www.distilnetworks.com/defend-online-travel-websites-era-site-scraping-download/

  • How to Shop for Free Online - Security Analysis of Cashier-as-a-Service Based Web Stores http://research.microsoft.com/pubs/145858/caas-oakland-final.pdf

  • HTML5 Overview A look at HTML5 Attack Scenarios Trend Micro 2011 http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/reports/rpt_html5-attack-scenarios.pdf

  • HTML5 Top 10 Threats Stealth Attacks and Silent Exploits 2012 https://media.blackhat.com/bh-eu-12/shah/bh-eu-12-Shah_HTML5_Top_10-WP.pdf

  • HTML5 web security 2011 http://media.hacking-lab.com/hlnews/HTML5_Web_Security_v1.0.pdf

  • HTTPPOST - Slow POST Wong Onn Chee OWASP AppSec DC 2010 https://www.owasp.org/images/4/43/Layer_7_DDOS.pdf

  • If you've got @British_Airways account may make sense to change your password. Just had all my Avios cleared out! https://twitter.com/suttonnick/status/581556027948195840/photo/1

  • Internet Security Threat Report, Volume 19, 2014 http://www.symantec.com/content/en/us/enterprise/other_resources/b-istr_main_report_v19_21291018.en-us.pdf

  • An Investigation into the Detection and Mitigation of Denial of Service (DoS) Attacks http://www.springer.com/gb/book/9788132202769

  • Is Your Data Center Ready for Today’s DDoS Threats? DDoS attack types protection methods and testing your detection and mitigation defenses http://www.fortinet.com/sites/default/files/whitepapers/WP-DDoS-Testing.pdf

  • Joomla Reflection DDoS-for-Hire Akamai Feb 2015 http://www.stateoftheinternet.com/downloads/pdfs/2015-state-of-the-internet-threat-advisory-joomla-reflection-attack-ddos-for-hire.pdf

  • Layer 7 DDOS – Blocking HTTP Flood Attacks http://blog.sucuri.net/2014/02/layer-7-ddos-blocking-http-flood-attacks.html

  • 'Lenovo Superfish put smut on my system' – class-action lawsuit The Register http://www.theregister.co.uk/2015/02/23/lenovo_superfish_class_action_lawsuit/

  • List of Attack Vectors Relative Vulnerability Rating TECAPI http://www.tecapi.com/public/relative-vulnerability-rating-gui.jsp#

  • Man in the Browser http://scisweb.ulster.ac.uk/~kevin/IJACI-Vol4No1-maninbrowser.pdf

  • Man in the Browser Attack https://www.owasp.org/index.php/Man-in-the-browser_attack

  • Mapping and Measuring Cybercrime, Oxford Internet Institute http://www.oii.ox.ac.uk/publications/FD18.pdf

  • Massive Changes in the Criminal Landscape Europol 2015 https://www.europol.europa.eu/content/massive-changes-criminal-landscape

  • Matching Attack Patterns to Security Vulnerabilities in Software-Intensive System Designs http://collaboration.csc.ncsu.edu/laurie/Papers/ICSE_Final_MCG_LW.pdf

  • Mitigating DDoS Attacks with F5 Technology F5 https://f5.com/resources/white-papers/mitigating-ddos-attacks-with-f5-technology

  • Mitigating the DoS/DDoS Threat, Radware, 2012 http://www.radware.com/PleaseRegister.aspx?returnUrl=6442452061

  • Modern Web Attacks, Sophos, 2007 http://www.sophos.com/en-us/why-sophos/our-people/technical-papers/modern-web-attacks.aspx

  • ModSecurity Advanced Topic of the Week: Mitigating Slow HTTP DoS Attacks https://www.trustwave.com/Resources/SpiderLabs-Blog/(Updated)-ModSecurity-Advanced-Topic-of-the-Week--Mitigating-Slow-HTTP-DoS-Attacks/

  • Most common attacks on web applications https://ipsec.pl/web-application-security/most-common-attacks-web-applications.html

  • Multi-dimensional Vulnerability Hierarchies Daniel Miessler https://danielmiessler.com/study/multi-dimensional-vulnerability-hierarchies/

  • New Wave of DDoS Attacks Launched BankInfoSecurity.com Mar 2013 http://www.bankinfosecurity.com/new-wave-ddos-attacks-launched-a-5584/op-1

  • NOMAD: Toward Non-Invasive Moving Target Defense Against Web Bots http://faculty.cs.tamu.edu/guofei/paper/NOMAD_CNS13.pdf

  • Online Ad Fraud Exposed: Advertisers Losing $6.3 Billion To $10 Billion Per Year Sep 2014 http://www.darkreading.com/analytics/threat-intelligence/online-ad-fraud-exposed-advertisers-losing-$63-billion-to-$10-billion-per-year/d/d-id/1317979

  • Online Data Companies versus Bots: The Fight is on for Control of Online Data, Distil Networks http://www.distilnetworks.com/online-data-companies-vs-bots-download/

  • Optimal Airline Ticket Purchasing Using Automated User-Guided Feature Selection http://ijcai.org/papers13/Papers/IJCAI13-032.pdf

  • Payment Checkout Flaws and Bugs 2014 https://www.clerkendweller.uk/2014/11/4/Payment-Checkout-Flaws-and-Bugs

  • PCI Compliance Report 2015 Verizon http://www.verizonenterprise.com/pcireport/2015/

  • Pixel Perfect Timing Attacks with HTML5 2013 http://www.contextis.com/services/research/white-papers/pixel-perfect-timing-attacks-html5/

  • Polymorphism as a Defense for Automated Attack of Websites http://link.springer.com/chapter/10.1007%2F978-3-319-07536-5_30

  • Preventing Web Scraping: Best Practice https://creativedigitalideas.files.wordpress.com/2014/11/best-practice-to-prevent-web-scraping.pdf

  • Profile: Automated Credit Card Fraud http://old.honeynet.org/papers/profiles/cc-fraud.pdf

  • Protecting Against Web Floods, Radware http://www.radware.com/PleaseRegister.aspx?returnUrl=6442452968

  • Q4 2014 State of the Internet Security Report prolexic http://www.stateoftheinternet.com/downloads/pdfs/2014-internet-security-report-q4.pdf

  • Reflection injection http://cybersecurity.ieee.org/images/files/images/pdf/CybersecurityInitiative-online.pdf

  • A Report on taxonomy and evaluation of existing inventories, ENISA http://ecrime-project.eu/wp-content/uploads/2015/02/E-Crime-Deliverable-2-1-20141128_FINAL.pdf

  • Reporting Intellectual Property Crime: A Guide for Victims of Copyright Infringement, Trademark Counterfeiting, and Trade Secret Theft, Dept of Justice http://www.justice.gov/criminal/cybercrime/docs/ip-victim-guide-and-checklist-march-2013.pdf

  • SANS Top 20 Critical Controls https://www.sans.org/critical-security-controls/

  • Securing Websites, Sophos, 2011 http://www.sophos.com/en-us/why-sophos/our-people/technical-papers/securing-websites.aspx

  • Security Insights: Defending Against Automated Threats http://www.securityweek.com/security-insights-defending-against-automated-threats

  • Server side DDoS Imperva http://www.imperva.com/DefenseCenter/ThreatAdvisories/DDOS_Attack_Method_Payload_05182010

  • Slow Read Denial of Service attack https://code.google.com/p/slowhttptest/wiki/SlowReadTest

  • Slow-Read DoS Attack https://www.trustwave.com/Resources/SpiderLabs-Blog/ModSecurity-Advanced-Topic-of-the-Week--Mitigation-of--Slow-Read--Denial-of-Service-Attack/

  • Slowloris HTTP DoS http://ha.ckers.org/slowloris/

  • So what are the "most critical" application flaws? On new OWASP Top 10 https://ipsec.pl/application-security/2013/so-what-are-most-critical-application-flaws-new-owasp-top-10.html

  • Social Media Bots Offer Phony Friends and Real Profit NY Times http://www.nytimes.com/2014/11/20/fashion/social-media-bots-offer-phony-friends-and-real-profit.html?_r=1

  • Software Vulnerability Analysis, Krsul, 1998 http://www.krsul.org/ivan/articles/main.pdf

  • Sophos Security Threat Report http://blogs.sophos.com/2014/12/11/our-top-10-predictions-for-security-threats-in-2015-and-beyond/

  • SpoofedMe Social Login Attack Discovered by IBM X-Force Researchers http://securityintelligence.com/spoofedme-social-login-attack-discovered-by-ibm-x-force-researchers/#.VSuiEhPSngM

  • State of Software Security Report, Volume 5, Veracode, 2013 https://info.veracode.com/state-of-software-security-report-volume5.html

  • Stopping Automated Attack Tools http://www.technicalinfo.net/papers/StoppingAutomatedAttackTools.html

  • Taxonomy on Online Game Security http://www.math.snu.ac.kr/~jhcheon/publications/2004/Taxonomy%20on%20online%20game%20security_EL.pdf

  • A Taxonomy of Computer Program Security Flaws, with Examples, Landwehr https://cwe.mitre.org/documents/sources/ATaxonomyofComputerProgramSecurityFlawswithExamples%5BLandwehr93%5D.pdf

  • A Taxonomy of Security Faults in the UNIX Operating System, Aslam, 1995 https://cwe.mitre.org/documents/sources/ATaxonomyofSecurityFaultsintheUNIXOperatingSystem%5BAslam95%5D.pdf

  • Testing Guide, v4, OWASP, 2014 https://www.owasp.org/images/5/52/OWASP_Testing_Guide_v4.pdf

  • The Bot Baseline: Fraud in Digital Advertising https://s3.amazonaws.com/whiteops-public/WO-ANA-Baseline-Study-of-Bot-Fraud.pdf

  • The Internet Organised Crime Threat Assessment (iOCTA) 2014 https://www.europol.europa.eu/content/internet-organised-crime-threat-assesment-iocta

  • The Notorious Nine Cloud Computing Top Threats in 2013 CSA https://downloads.cloudsecurityalliance.org/initiatives/top_threats/The_Notorious_Nine_Cloud_Computing_Top_Threats_in_2013.pdf

  • The Risks of Content Management Systems, IBM, 2015 https://portal.sec.ibm.com/mss/html/en_US/support_resources/pdf/CMS_Threats_MSS_Threat_Report.pdf

  • The Spy in the Sandbox – Practical Cache Attacks in Javascript http://iss.oy.ne.ro/SpyInTheSandbox.pdf

  • Thousands of Hacked Uber Accounts Selling on Dark Web for $1 http://thehackernews.com/2015/03/thousands-of-hacked-uber-accounts_30.html?m=1

  • Threat Intelligence Quarterly, IBM, 1Q 2015 https://www.ibm.com/services/forms/signup.do?source=swg-WW_Security_Organic&S_PKG=ov33510&S_TACT=C327017W&dynform=18101

  • Threat Modeling: Designing for Security, Adam Shostack, Wiley, April 2014 http://eu.wiley.com/WileyCDA/WileyTitle/productCd-1118809998.html

  • Threats and Mitigations: A Guide to Multi-Layered Web Security - eBook Prolexic http://www.prolexic.com/knowledge-center/prolexic-download/guide-multi-layered-web-security-ebook.pdf

  • Trapping Unknown Malware in a Context Web, Sophos http://www.sophos.com/en-us/medialibrary/PDFs/technical%20papers/HuqSzabo-VB2013.pdf?la=en.pdf

  • Trustwave Global Security Report 2014 https://www2.trustwave.com/GSR2014.html?utm_source=redirect&utm_medium=web&utm_campaign=GSR2014

  • TurboTax’s Anti-Fraud Efforts Under Scrutiny http://krebsonsecurity.com/2015/02/turbotaxs-anti-fraud-efforts-under-scrutiny/

  • Two Security Vulnerabilities in the Spring Framework’s MVC pdf (from 2008) http://blog.diniscruz.com/2011/07/two-security-vulnerabilities-in-spring.html

  • The Underground Economy of Spam: A Botmaster’s Perspective of Coordinating Large-Scale Spam Campaigns http://static.usenix.org/events/leet11/tech/full_papers/Stone-Gross.pdf

  • Understanding Web Bots and How They Hurt Your Business Incapsula http://www.slideshare.net/Incapsula/understanding-web-bots-and-how-they-hurt-your-business

  • Use of A Taxonomy of Security Faults, Taimur Aslam, Ivan Krsul and Eugene H Spafford, 1996 http://docs.lib.purdue.edu/cgi/viewcontent.cgi?article=2304&context=cstech

  • The WASC Threat Classification v2.0 http://projects.webappsec.org/w/page/13246978/Threat%20Classification

  • Warhol Worms: The Potential for Very Fast Internet Plagues http://www.iwar.org.uk/comsec/resources/worms/warhol-worm.htm

  • Web Application Attack Report #5 Imperva http://www.imperva.com/docs/HII_Web_Application_Attack_Report_Ed5.pdf

  • Web Application Defender's Cookbook: Battling Hackers and Protecting Users, Ryan Barnett, Wiley, December 2012 http://eu.wiley.com/WileyCDA/WileyTitle/productCd-1118362187.html

  • Web Attacks in the Wild Corsaire https://www.owasp.org/images/a/a7/Web_attacks_in_the_wild_-_ap.pdf

  • Web Automation Friend or Foe? https://www.owasp.org/images/5/58/OWASP_Israel_-May_2009-Ofer_Shezaf-_Automation_Attacks.pdf

  • Web Spambot Detection Based on Web Navigation Behaviour http://pedramhayati.com/papers/Web_Spambot_Detection_Based_on_Web_Usage_Behaviour.pdf

  • Website Security Statistics Report, 2014 http://info.whitehatsec.com/rs/whitehatsecurity/images/statsreport2014-20140410.pdf

  • What is Zeus? http://www.sophos.com/medialibrary/pdfs/technical%20papers/sophos%20what%20is%20zeus%20tp.pdf

  • When Web 2.0 Attacks! Understanding Ajax Flash and other highly interactive web technologies… https://www.owasp.org/images/f/fc/When_Web_2.0_Attacks_-_Understanding_Security_Implications_of_Highly_Interactive_Technologies-Rafal_Los.pdf

  • Where have all of our Passwords Gone? Gartner 2015 http://blogs.gartner.com/avivah-litan/2015/01/22/where-have-all-our-passwords-gone/

  • WS-Attacks.org http://www.ws-attacks.org/index.php/Main_Page
