References

Bos, R. (2023, May 8). Use after free vulnerability in C++ - Tutorial & Examples. Snyk Learn. https://learn.snyk.io/lesson/use-after-free/

Buffer Overflow Attack Explained with a C Program Example. (n.d.). https://www.thegeekstuff.com/2013/06/buffer-overflow/

File Upload - OWASP Cheat Sheet Series. (n.d.). https://cheatsheetseries.owasp.org/cheatsheets/File_Upload_Cheat_Sheet.html

Getting started with the web - Learn web development - MDN. (2024, February 4). MDN Web Docs. https://developer.mozilla.org/en-US/docs/Learn/Getting_started_with_the_web GfG. (2022, July 1).

Buffer Overflow Attack with Example. GeeksforGeeks. https://www.geeksforgeeks.org/buffer-overflow-attack-with-example/ Invicti. (2023, February 23).

Remote Code Execution (RCE) - Code Injection - Learn AppSEC InvicTI. https://www.invicti.com/learn/remote-code-execution-rce/

Java SQL injection Guide: Examples and prevention. (n.d.). StackHawk. https://www.stackhawk.com/blog/java-sql-injection-guide-examples-and-prevention/ Michael Sommer. (2020, January 3).

Injection Prevention - OWASP Cheat Sheet Series. (2021). https://cheatsheetseries.owasp.org/cheatsheets/Injection_Prevention_Cheat_Sheet.html

Insecure direct object references (Video solution) [Video]. YouTube. https://www.youtube.com/watch?v=Sd8jL96H0hc

M4: Insufficient Input/Output Validation - OWASP Foundation. (n.d.). https://owasp.org/www-project-mobile-top-10/2023-risks/m4-insufficient-input-output-validation

PHP: Description of core php.ini directives - Manual. (n.d.-a). https://www.php.net/manual/en/ini.core.php#ini.disable-functions

PHP: Description of core php.ini directives - Manual. (n.d.-b). https://www.php.net/manual/en/ini.core.php#ini.disable-functions

PHP MySQL Prepared Statements. (n.d.). https://www.w3schools.com/php/php_mysql_prepared_statements.asp

PHP: SQL Injection - manual. (n.d.). https://www.php.net/manual/en/security.database.sql-injection.php

PHP: Variable functions - Manual. (n.d.). https://www.php.net/manual/en/functions.variable-functions.php

Python, R. (n.d.). Real Python Security and Reporting – Real Python. https://realpython.com/security/

Shim, T. (2024, April 7). Python security vulnerabilities: common risks and how to mitigate them.

Bitcatcha - Web Hosting, VPN, Cloud Storage & More. https://www.bitcatcha.com/blog/python-security-vulnerabilities/

Sayar, I., Bartel, A., Bodden, E., & Le Traon, Y. (2023, January 31). An In-depth Study of Java Deserialization Remote-Code Execution Exploits and Vulnerabilities. ACM Transactions on Software Engineering and Methodology, 32(1), 1–45. https://doi.org/10.1145/3554732

SQL Injection Prevention - OWASP Cheat Sheet Series. (n.d.). https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html

Team, R. S. (2023, February 25). Insecure Deserialization in Java. Redfox Security. https://redfoxsec.com/blog/insecure-deserialization-in-java/

Use-After-Free vulnerability - CQR. (n.d.). CQR. https://cqr.company/web-vulnerabilities/use-after-free-vulnerability/

What is a Java Deserialization Vulnerability? - Waratek. (2023, January 30). Waratek. https://waratek.com/blog/java-deserialization-vulnerability/

What is SQL Injection (SQLi) and How to Prevent Attacks. (2024, January 9). Acunetix. https://www.acunetix.com/websitesecurity/sql-injection

WSTG - Latest - OWASP Foundation. (n.d.). https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/05-Authorization_Testing/04-Testing_for_Insecure_Direct_Object_References

Previous: Java › Chapter 8.
Insecure Deserialization