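Chinese-Language References
[1]Cisco Cisco 2017 Cybersecurity Report (思科2017年網路安全報告). https://www.cisco.com/c/dam/assets/m/zh_tw/security/security_2017acrreport_whitepaper_tc.pdf, accessed 2017/05/10
[2]Tseng HC-Y, Chia B, Juang T-Y (2015) Web Forensic Evidence of SQL Injection Analysis (針對SQL Injection攻擊鑑識之分析). International Journal of Science and Engineering 5 (1):157-162. doi:10.6159/ijse.2015.(5-1).22
[3]TWNIC 2016 Taiwan Broadband Network Usage Survey Report (2016年台灣頻寬網路使用調查報告). https://www.twnic.net.tw/download/200307/20160922e.pdf, accessed 2017/5/10
[4]T客邦-ifanr Google Improves Its CAPTCHA Verification Mechanism (Google改進CAPTCHA驗證機制). http://www.techbang.com/posts/21308-google-updated-the-captcha-verification-mechanism-in-more-intelligent-ways-to-prove-youre-human, accessed 2017/4/15
[5]Technical Service Center, National Information and Communication Security Taskforce, Executive Yuan (行政院國家資通安全會報技術服務中心) (2016) Recent Common System Vulnerabilities in Government Agencies and Recommended Remediations (政府機關近期常見系統弱點與補強建議). https://goo.gl/asRoon, accessed 2017/3/11
[6]翁銘宏 (2014) Test Case Generation for Web Applications (網頁應用程式之測試案例繁衍). National Taiwan University
[7]許振銘, 許登凱 (2014) Exploring the OWASP Top Ten Mobile Application Threats Through Android Experimental Cases (以Android實驗案例探討OWASP行動裝置應用程式之十大威脅). Communications of the CCISA (資訊安全通訊) 20 (2):77-96
[8]陳照明 (2015) Kali Linux Penetration Testing Tools, 2nd Edition (kali Linux滲透測試工具(第二版)). 碁?出版社
[9]黃明祥, 林詠章, 周永振 (2017/01/01) Information and Network Security in Practice (資訊與網路安全實務). 高立圖書
[10]楊欣哲, 林裕倫 (2014) An Approach to Assessment Model and Metric Tool of Information Security in Designing EIP (企業資訊網站設計之資訊安全的評估模式與評量工具之研究). Journal of Information Management (資訊管理學報) 21 (2):107-137
[11]詹益璋 (2012) A Study of Campus Web Application Security: The Case of Tamkang University (校園網頁應用程式安全之研究-以淡江大學為例). Tamkang University
[12]Wikipedia (維基百科) (2016) Web Application (網路應用程式). https://zh.wikipedia.org/wiki/%E7%BD%91%E7%BB%9C%E5%BA%94%E7%94%A8%E7%A8%8B%E5%BA%8F, accessed 2017/03/02
[13]網智數位 FCKEditor Attack Techniques and Protection Recommendations (FCKEditor攻擊手法說明與防護建議). http://www.netqna.com/2014/03/fckeditor.html, accessed 2017/4/16
[14]劉作仁, 洪光鈞, 羅允廷, 陳培德 Analysis and Discussion of Common Vulnerabilities in Taiwanese Websites (台灣網站常見弱點之分析與探討). In, 2011. vol 21st. Chinese Cryptology and Information Security Association (中華民國資訊安全學會), pp 368-374
[15]盧芊慧 (2014) A SQL Injection Attack Generation System Across Web Language Platforms (跨網頁語言平台之SQL Injection攻擊產生系統). National Chiao Tung University
[16]錢鉦津 (2014) Security Levels between 2009 and 2014 Edition on OWASP Application Security Verification Standard (OWASP ASVS應用軟體安全性驗證標準之新舊安全性等級劃分). Quality Monthly (品質月刊) 50 (9):7-10
[17]謝孟峰 (2014) Forensic Analysis of SQL Injection Attacks (針對SQL Injection攻擊鑑識之分析). National Taipei University
[18]Trend Micro (趨勢科技) TrendLabs 2016 Annual Information Security Review (TrendLabs 2016 年資訊安全總評). http://www.trendmicro.tw/cloud-content/tw/pdfs/security-intelligence/reports/trendlabs_2016_annual_information_security_review.pdf, accessed 2017/4/20
English-Language References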
[19]A. K TK, Liu H, Thomas JP, Mylavarapu G Identifying Sensitive Data Items within Hadoop. In: 2015 IEEE 17th International Conference on High Performance Computing and Communications, 2015 IEEE 7th International Symposium on Cyberspace Safety and Security, and 2015 IEEE 12th International Conference on Embedded Software and Systems, 24-26 Aug. 2015. pp 1308-1313. doi:10.1109/HPCC-CSS-ICESS.2015.293
[20]Alqahtani SS, Eghan EE, Rilling J SV-AF — A Security Vulnerability Analysis Framework. In: 2016 IEEE 27th International Symposium on Software Reliability Engineering (ISSRE), 23-27 Oct. 2016. pp 219-229. doi:10.1109/ISSRE.2016.12
[21]Aziz NA, Shamsuddin SNZ, Hassan NA Inculcating Secure Coding for beginners. In: 2016 International Conference on Informatics and Computing (ICIC), 28-29 Oct. 2016. pp 164-168. doi:10.1109/IAC.2016.7905709
[22]DVWA Damn Vulnerable Web Application. http://www.dvwa.co.uk/, accessed 2017/02/05
[23]Eshete B, Villafiorita A, Weldemariam K Early Detection of Security Misconfiguration Vulnerabilities in Web Applications. In: 2011 Sixth International Conference on Availability, Reliability and Security, 22-26 Aug. 2011. pp 169-174. doi:10.1109/ARES.2011.31
[24]Common Vulnerabilities and Exposures (CVE) Search this CVE Website. https://cve.mitre.org/find/
[25]Farah T, Shojol M, Hassan M, Alam D Assessment of vulnerabilities of web applications of Bangladesh: A case study of XSS & CSRF. In: 2016 Sixth International Conference on Digital Information and Communication Technology and its Applications (DICTAP), 21-23 July 2016. pp 74-78. doi:10.1109/DICTAP.2016.7544004
[26]Guamán D, Guamán F, Jaramillo D, Sucunuta M Implementation of techniques and OWASP security recommendations to avoid SQL and XSS attacks using J2EE and WS-Security. In: 2017 12th Iberian Conference on Information Systems and Technologies (CISTI), 21-24 June 2017. pp 1-7. doi:10.23919/CISTI.2017.7975981
[27]Huang HC, Zhang ZK, Cheng HW, Shieh SW (2017) Web Application Security: Threats, Countermeasures, and Pitfalls. Computer 50 (6):81-85. doi:10.1109/MC.2017.183
[28]Jiménez RELd Pentesting on web applications using ethical - hacking. In: 2016 IEEE 36th Central American and Panama Convention (CONCAPAN XXXVI), 9-11 Nov. 2016. pp 1-6. doi:10.1109/CONCAPAN.2016.7942364
[29]Lin X, Zavarsky P, Ruhl R, Lindskog D Threat Modeling for CSRF Attacks. In: 2009 International Conference on Computational Science and Engineering, 29-31 Aug. 2009. pp 486-491. doi:10.1109/CSE.2009.372
[30]OWASP Home. https://www.owasp.org/index.php/Main_Page, accessed 2017/02/05
[31]OWASP Mutillidae II. https://sourceforge.net/projects/mutillidae/, accessed 2017/02/05
[32]OWASP OWASP Top 10 2013 document. https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/owasptop10/OWASP%20Top%2010%20-%202013.pdf, accessed 2017/02/05
[33]Salas MIP, Geus PLD, Martins E Security Testing Methodology for Evaluation of Web Services Robustness - Case: XML Injection. In: 2015 IEEE World Congress on Services, June 27 2015-July 2 2015. pp 303-310. doi:10.1109/SERVICES.2015.53
[34]SriNithi D, Elavarasi G, Raj TFM, Sivaprakasam P (2014) Improving Web Application Security Using Penetration Testing. Research Journal of Applied Sciences, Engineering and Technology 8 (5):658-663
[35]Sudhodanan A, Carbone R, Compagna L, Dolgin N, Armando A, Morelli U Large-Scale Analysis & Detection of Authentication Cross-Site Request Forgeries. In: 2017 IEEE European Symposium on Security and Privacy (EuroS&P), 26-28 April 2017. pp 350-365. doi:10.1109/EuroSP.2017.45
[36]Suju DA, Gandhi GM An automaton based approach for forestalling cross site scripting attacks in web application. In: 2015 Seventh International Conference on Advanced Computing (ICoAC), 15-17 Dec. 2015. pp 1-6. doi:10.1109/ICoAC.2015.7562786
[37]Wang CH, Zhou YS A New Cross-Site Scripting Detection Mechanism Integrated with HTML5 and CORS Properties by Using Browser Extensions. In: 2016 International Computer Symposium (ICS), 15-17 Dec. 2016. pp 264-269. doi:10.1109/ICS.2016.0060
[38]Xiao L, Matsumoto S, Ishikawa T, Sakurai K SQL Injection Attack Detection Method Using Expectation Criterion. In: 2016 Fourth International Symposium on Computing and Networking (CANDAR), 22-25 Nov. 2016. pp 649-654. doi:10.1109/CANDAR.2016.0116
[39]Zalbina MR, Septian TW, Stiawan D, Idris MY, Heryanto A, Budiarto R Payload recognition and detection of Cross Site Scripting attack. In: 2017 2nd International Conference on Anti-Cyber Crimes (ICACC), 26-27 March 2017. pp 172-176. doi:10.1109/Anti-Cybercrime.2017.7905285