References

[Anderson, 2001] Anderson, Ross J., Security Engineering: A Guide to Building Dependable Distributed Systems, Wiley Computer Publishing, 2001.

[Viega, 2002a] Viega, John and Gary McGraw, Building Secure Software: How to Avoid the Security Problems the Right Way, Addison-Wesley, 2002.

[Tanenbaum, 1996] Tanenbaum, Andrew S., Computer Networks, Third Edition, Prentice Hall, Inc., 1996.

[Scheneir, 1996] Schneier, Bruce, Applied Cryptography, Second Edition: protocols, algorithms, and source code in C, John Wiley & Sons, Inc., 1996.

[Rescorla, 2001] Rescorla, Eric, SSL and TLS: designing and building secure systems, Addison Wesley, 2001.

[Howard, 2002] Howard, Michael and David LeBlanc, Writing Secure Code, Microsoft Press, 2002.

[Oaks, 2001] Oaks, Scott, Java Security, 2nd Edition, O'Reilly, 2001.

[Viega, 2002b] Viega, John, Matt Messier and Pravir Chandra, Network Security with OpenSSL, O'Reilly, 2002.

[Sun, 2002a] Sun Microsystems, Java Cryptography Architecture API Specification & Reference, 8 February 2002, http://java.sun.com/j2se/1.4/docs/guide/security/CryptoSpec.html

[Sun, 2002b] Sun Microsystems, Java Cryptography Extension Reference Guide for the Java 2 SDK, Standard Edition, v 1.4, 2002. http://java.sun.com/j2se/1.4/docs/guide/security/jce/JCERefGuide.html

[Sun, 2001] Sun Microsystems, How to Implement a Provider for the Java Cryptography Architecture, 1 May 2001, http://java.sun.com/j2se/1.4/docs/guide/security/HowToImplAProvider.html

[Sun, 2002c] Sun Microsystems, How to Implement a Provider for the Java Cryptography Extension in the Java 2 SDK, Standard Edition, v 1.4, 2002. http://java.sun.com/j2se/1.4/docs/guide/security/jce/HowToImplAJCEProvider.html

[Housely, 2001] Russ Housely and Tim Polk, Planning for PKI, Best Practices Guide for Deploying Public Key Infrastructure, John Wiley & Sons, Inc., 2001.

[Sun, 2002d] Sun Microsystems, Java Certification Path API Programmer's Guide, Author: Sean Mullan, Last Modified: 8 February 2002. http://java.sun.com/j2se/1.4/docs/guide/security/certpath/CertPathProgGuide.html.

[RFC2459, 1999] Internet X.509 Public Key Infrastructure Certificate and CRL Profile, January 1999. http://www.ietf.org/rfc/rfc2459.txt.

[PKCS#7, 1993] PKCS # 7: Cryptographic Message Syntax Standard, An RSA Laboratories Technical Note, Version 1.5, Revised November 1, 1993. http://www.rsasecurity.com/rsalabs/pkcs/pkcs-7/.

[RFC 2246] The TLS Protocol, Version 1.0, January 1999. http://www.ietf.org/rfc/rfc2246.txt.

[SANS/FBI Top 20, 2002] The Twenty Most Critical Internet Security Vulnerabilities (Update) - The Experts' Consensus. Version 2.6, October 1. Latest version available online at http://www.sans.org/top20/.

[CSI/FBI Survey, 2002] 2002 CSI/FBI Computer Crime and Security Survey, by Richard Power. Computer Security Issues & Trends, Vol. VIII, No. 1, Spring 2002. Available online at http://www.gocsi.com/press/20020407.htm.

[Smith, Year Unknown] Lessons from a Security Breach, by Home Wilson Smith. Available online at http://www.amazing.com/internet/security-breach.html.

[NIST Security Handbook] An Introduction to Computer Security: The NIST Handbook. Special Publication 800-12. NIST Technology Administration, U.S. Department of Commerce. Available online at http://csrc.nist.gov/publications/nistpubs/800-12/handbook.pdf.

[Bellovin, 1989] Security Problems in the TCP/IP Protocol Suite, by S. M. Bellovin. Available online at http://www.deter.com/unix/papers/tcpip_problems_bellovin.pdf.

[Bellovin, 1995] Using the Domain Name System for System Break-ins, by Steve M. Bellovin. Available online at http://www.research.att.com/~smb/papers/dnshack.pdf.

[Phrack, 1996] IP-spoofing Demystified. Phrack magazine. June 1996. Guild Productions. Available online at http://www.signaltonoise.net/library/ipsp00f.htm.

[Whalen, 2001] An Introduction to ARP Spoofing, by Sean Whalen. April, 2001. Revision 1.8. Available online at http://chocobospore.org/projects/arpspoof/arpspoof.pdf.

[Paget, 2002] Exploiting design flaws in the Win32 API for privilege escalation, by Foon AKA Chris Paget. Available online at http://security.tombom.co.uk/shatter.html.

[Felten, 1996] Web Spoofing: An Internet Con Game, by Edward W. Felten, Dirk Balfanz, Drew Dean, and Dan S. Wallach. Technical Report 540-96 (revised Feb. 1997), Department of Computer Science, Princeton University. Available online at http://www.cs.princeton.edu/sip/pub/spoofing.pdf.

[U.S. DOJ Computer Intrusion Cases] Listing of Computer Intrusion Cases at Computer Crime and Intellectual Property Section of U.S. Department of Justice Web site. Available online at http://www.cybercrime.gov/cccases.html.

[Emulex Web Hoax Report, 2002] Emulex Web Hoax Not the First … and It Certainly Won't Be the Last, by Blake A. Bell, August 25, 2000. Available online at http://www.simpsonthacher.com/FSL5CS/articles/articles860.asp.

[US DOJ Press Release, Oct. 10, 2001] Russian Computer Hacker Convicted by Jury. Press release by U.S. Department of Justice on October 10, 2001. Available online at http://www.usdoj.gov/criminal/cybercrime/gorshkovconvict.htm.

[US DOJ Press Release, Aug. 20, 2001] Former Cisco Accountants Plead Guilty to Wire Fraud via Unauthorized Access to Cisco Stock. Press release by U.S. Department of Justice on August 20, 2001. Available online at http://www.usdoj.gov/criminal/cybercrime/OsowskiPlea.htm.