Textbooks

Bibliography [links current as of 20.09.2024]

[1] OWASP Top Ten Project, The OWASP® Foundation

[2] General Data Protection Regulation, GDPR

[3] Ransomware Protection Market Research report, 2031, Allied Market Research

[4] NIST SP800 series publications, cybersecurity recommendations

[5] Publications of the National Cyber Security Centre, UK

[6] Publications of the German Federal Office for IT Security

[7] Underwriters Laboratory publications on cybersecurity

[8] Applied Cryptography: Protocols, Algorithms and Source Code in C (Twentieth anniversary). (2017). John Wiley & Sons. December 30 2023

[9] CVE-2023-37920 - root certificates

[10] TLS settings configurator, Mozilla Foundation

[11] Vulnerability in SAP routers, CVE-2014-0984

[12] Example timing side-channel vulnerability in HMAC, CVE-2019-10071

[13] Alex Hern, Did your Adobe password leak? Now you and 150m others can check. The Guardian, 2013

[14] Alex Biryukov et al., Argon2 algorithm specification, University of Luxembourg

[15] Jaeger, D., Pelchen, C.D., Graupner, H., Cheng, F., & Meinel, C. (2016). Analysis of Publicly Leaked Credentials and the Long Story of Password (Re-)use.

[16] Marc Ruef, Password Leak Analysis, Extensive Analysis of Passwords, 2021

[17] Corey Neskey, Are Your Passwords in the Green?, Hive Systems, 2020-2024

[18] Jean-Philippe Aumasson, Serious Cryptography. A Practical Introduction to Modern Encryption, ISBN:9781593278267, no starch press, 2017

[19] Jakob Lell, Real-World CSRF attack hijacks DNS Server configuration of TP-Link routers, 2013

[20] Roger A. Grimes, Hacking Multifactor Authentication, Wiley, 2020, ISBN: 978-1-119-65080-5

[21] Troy Hunt, OWASP Top 10 for .NET developers part 6: Security Misconfiguration, 2010

[22] Chris Brook, PayPal Fixes CSRF Vulnerability in PayPal.me, 2016

[23] Ziyahan Albeniz, Whitepaper: The Definitive Guide to Same-origin Policy, Invicti

[24] B. B. Gupta and Pooja Chaudhary, Cross-site scripting attacks : classification, attack, and countermeasures, CRC Press, 2020, ISBN: 9780367367701

[25] M. Sajdak, ed., Bezpieczeństwo Aplikacji Webowych, Securitum, 2020, ISBN:9788395485329

[26] Andrew Horton, NetGear DGN2200 N300 CSRF / Disclosure / Command Execution, PacketStorm Security, 2014

[27] Ravie Lakshmanan, 116 Malware Packages Found on PyPI Repository Infecting Windows and Linux Systems, The Hacker News, 2023

[28] Marc-Etienne M.Léveillé, Rene Holt, A pernicious potpourri of Python packages in PyPI, WeLiveSecurity by ESET, 2023 [Github]

[29] Keith Collins, How one programmer broke the internet by deleting a tiny piece of code, Quartz, 2016

[30] Mozilla, Subresource Integrity manual

[31] npm-audit documentation - a tool for auditing NPM.js

[32] New composer audit Command and security audits in Composer 2.4, PHPwatch, 2022

[33] Muh. Fani Akbar, Server-Side Request Forgery to Internal SMTP Access, Medium.com, 2022

[34] Basavaraj Banakar, SSRF via DNS Rebinding (CVE-2022-4096), Medium.com, 2022

[35] RFC7519 - JSON Web Token (JWT) specification, M. Jones, J. Bradley, N. Sakimura, IETF, 2015

[36] CVE-2015-2951, JWT.php in F21 JWT before 2.0 allows remote attackers to bypass signature verification via crafted tokens.

[37] CVE-2016-10555, JWT, algorithm change vulnerability

[38] CVE-2018-0114, JWT embedded key vulnerability

[39] Dave Wichers, Free for Open Source Application Security Tools, OWASP, 2024

[40] Philip Walton, First Contentful Paint (FCP), web.dev

[41] WebAssembly homepage

[42] WebAssembly in Rust, manual

[43] EmScripten a C/C++ to WebAssembly compiler - homepage

[44] WebAssembly in Golang

[45] WebAssembly in Python

[46] WasmEdge - WebAssembly runtime for cloud applications

[47] Wasmer - WebAssembly runtime

[48] Daniel Smilkov, Nikhil Thorat, and Ann Yuan, Introducing the WebAssembly backend for TensorFlow.js, Google, 2020

[49] Pyodide - a Python interpreter in the browser in WebAssembly

[50] Blazor - full-stack .NET and C#, Microsoft

[51] Ilya Grigorik, High Performance Browser Networking, Brief History of HTTP, O'Reilly, 2013

[52] RFC2616, Hypertext Transfer Protocol -- HTTP/1.1, R. Fielding et al., NWG, 1999

[53] SPDY: An experimental protocol for a faster web, Google

[54] RFC9113, HTTP/2, M. Thomson, Ed., C. Benfield, Ed., IETF, 2022

[55] IETF QUIC Working Group, QUIC version 1

[56] DNSPerf, DNS Performance Analytics and Comparison, Live, DigiCert PerfOps

[57] CloudFlare CDN network description, CloudFlare, 2024

[58] Origin Cache Control specification, CloudFlare, 2024

[59] Can I Use, WEBP standard browser support chart

[60] WEBP, Google, 2024

[61] Mozilla web performance guidelines, Mozilla

[62] OWASP TOP 10: Insufficient Attack Protection #7 – CAPTCHA Bypass, SecureLayer7, 2024

[63] Thomas Roche, EUCLEAK, NinjaLabs, 2024


Last modified: Friday, 27 September 2024, 22:49