
5 Commits

Author SHA1 Message Date
Jannik Meier 7e39a3bd19 feat: new sources 2026-06-16 20:51:46 +02:00
Jannik Meier faa69fc0b3 fix: ambiguous symbols 2026-06-16 20:35:42 +02:00
Jannik Meier 18a7a88737 feat: published reference bib 2026-06-16 20:33:59 +02:00
Jannik Meier 09a79b5c49 fix: wrapping of texts 2026-06-09 21:19:12 +02:00
Jannik Meier 579888a315 fix: truncate wrong spacing 2026-06-09 19:54:48 +02:00
3 changed files with 857 additions and 1 deletions
+840
@@ -0,0 +1,840 @@
% Referenzen für 4ca - Bedrohungsmodellierung / OWASP
@misc{owasp_top10_2021,
author = {{OWASP Foundation}},
title = {{OWASP Top 10:2021}},
year = {2021},
url = {https://owasp.org/Top10/},
note = {Abgerufen am 09.06.2026}
}
@misc{owasp_asvs,
author = {{OWASP Foundation}},
title = {{Application Security Verification Standard (ASVS) v4.0.3}},
year = {2021},
url = {https://owasp.org/www-project-application-security-verification-standard/},
note = {Abgerufen am 09.06.2026}
}
@misc{owasp_risk_rating,
author = {{OWASP Foundation}},
title = {{OWASP Risk Rating Methodology}},
year = {2021},
url = {https://owasp.org/www-community/OWASP_Risk_Rating_Methodology},
note = {Abgerufen am 09.06.2026}
}
@misc{cwe_mitre,
author = {{MITRE Corporation}},
title = {{Common Weakness Enumeration (CWE)}},
year = {2024},
url = {https://cwe.mitre.org/},
note = {Abgerufen am 09.06.2026}
}
@misc{mitre_attack,
author = {{MITRE Corporation}},
title = {{MITRE ATT\&CK Enterprise Matrix}},
year = {2024},
url = {https://attack.mitre.org/},
note = {Abgerufen am 09.06.2026}
}
@techreport{nist_sp800_53,
author = {{National Institute of Standards and Technology}},
title = {{Security and Privacy Controls for Information Systems and Organizations (SP 800-53 Rev. 5)}},
institution = {NIST},
year = {2020},
number = {SP 800-53 Rev. 5},
doi = {10.6028/NIST.SP.800-53r5}
}
@techreport{bsi_app31,
author = {{Bundesamt für Sicherheit in der Informationstechnik}},
title = {{IT-Grundschutz-Baustein APP.3.1: Webanwendungen und Webservices}},
institution = {BSI},
year = {2023},
url = {https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Grundschutz/Kompendium/IT_Grundschutz_Kompendium_Edition2023.pdf}
}
@techreport{nist_pqc_2024,
author = {{National Institute of Standards and Technology}},
title = {{Post-Quantum Cryptography Standards: FIPS 203 (ML-KEM), FIPS 204 (ML-DSA), FIPS 205 (SLH-DSA)}},
institution = {NIST},
year = {2024},
url = {https://csrc.nist.gov/projects/post-quantum-cryptography/post-quantum-cryptography-standardization}
}
@misc{spycloud_2024,
author = {{SpyCloud}},
title = {{Annual Identity Exposure Report 2024}},
year = {2024},
url = {https://spycloud.com/resource/2024-annual-identity-exposure-report/},
note = {Abgerufen am 09.06.2026}
}
@misc{mandiant_mtrends_2024,
author = {{Mandiant}},
title = {{M-Trends 2024: Special Report}},
year = {2024},
url = {https://www.mandiant.com/m-trends},
note = {Abgerufen am 09.06.2026}
}
@misc{uber_breach_2022,
author = {{Uber Technologies}},
title = {{Security Update -- September 2022}},
year = {2022},
url = {https://www.uber.com/newsroom/security-update/},
note = {Abgerufen am 09.06.2026}
}
@misc{capitalone_breach_2019,
author = {Krebs, Brian},
title = {{Capital One Data Theft Impacts 106M People}},
howpublished = {KrebsOnSecurity},
year = {2019},
url = {https://krebsonsecurity.com/2019/07/capital-one-data-theft-impacts-106m-people/},
note = {Abgerufen am 09.06.2026}
}
@misc{twitter_plaintext_2018,
author = {{Twitter}},
title = {{Keeping your account secure}},
year = {2018},
url = {https://blog.twitter.com/en_us/topics/company/2018/keeping-your-account-secure},
note = {Abgerufen am 09.06.2026}
}
@misc{cve_log4shell,
author = {{MITRE Corporation}},
title = {{CVE-2021-44228: Apache Log4j2 Remote Code Execution (Log4Shell)}},
year = {2021},
url = {https://nvd.nist.gov/vuln/detail/CVE-2021-44228},
note = {National Vulnerability Database}
}
@misc{cve_spring4shell,
author = {{MITRE Corporation}},
title = {{CVE-2022-22965: Spring Framework Remote Code Execution (Spring4Shell)}},
year = {2022},
url = {https://nvd.nist.gov/vuln/detail/CVE-2022-22965},
note = {National Vulnerability Database}
}
@misc{cve_confluence_2022,
author = {{MITRE Corporation}},
title = {{CVE-2022-26134: Confluence Server OGNL Injection}},
year = {2022},
url = {https://nvd.nist.gov/vuln/detail/CVE-2022-26134},
note = {National Vulnerability Database}
}
@misc{cve_freak,
author = {{MITRE Corporation}},
title = {{CVE-2015-0204: FREAK - Factoring RSA Export Keys}},
year = {2015},
url = {https://nvd.nist.gov/vuln/detail/CVE-2015-0204},
note = {National Vulnerability Database}
}
@misc{cve_logjam,
author = {{MITRE Corporation}},
title = {{CVE-2015-4000: Logjam TLS Downgrade Attack}},
year = {2015},
url = {https://nvd.nist.gov/vuln/detail/CVE-2015-4000},
note = {National Vulnerability Database}
}
@misc{cve_crime,
author = {{MITRE Corporation}},
title = {{CVE-2012-4929: CRIME -- Compression Ratio Info-leak Made Easy}},
year = {2012},
url = {https://nvd.nist.gov/vuln/detail/CVE-2012-4929},
note = {National Vulnerability Database}
}
@misc{cve_jackson_2017,
author = {{MITRE Corporation}},
title = {{CVE-2017-7525: Jackson-databind Deserialization Vulnerability}},
year = {2017},
url = {https://nvd.nist.gov/vuln/detail/CVE-2017-7525},
note = {National Vulnerability Database}
}
@misc{cve_jquery_2019,
author = {{MITRE Corporation}},
title = {{CVE-2019-11358: jQuery Prototype Pollution}},
year = {2019},
url = {https://nvd.nist.gov/vuln/detail/CVE-2019-11358},
note = {National Vulnerability Database}
}
@misc{cve_dompurify_2020,
author = {{MITRE Corporation}},
title = {{CVE-2020-26870: DOMPurify Mutation XSS Bypass}},
year = {2020},
url = {https://nvd.nist.gov/vuln/detail/CVE-2020-26870},
note = {National Vulnerability Database}
}
@misc{cve_exchange_2020,
author = {{MITRE Corporation}},
title = {{CVE-2020-0688: Microsoft Exchange Server Remote Code Execution}},
year = {2020},
url = {https://nvd.nist.gov/vuln/detail/CVE-2020-0688},
note = {National Vulnerability Database}
}
@misc{iso_27001,
author = {{International Organization for Standardization}},
title = {{ISO/IEC 27001:2022 -- Information Security Management Systems}},
year = {2022},
url = {https://www.iso.org/standard/82875.html}
}
@misc{nis2_directive,
author = {{Europäisches Parlament und Rat der Europäischen Union}},
title = {{Richtlinie (EU) 2022/2555 über Maßnahmen für ein hohes gemeinsames Cybersicherheitsniveau in der Union (NIS2)}},
year = {2022},
url = {https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=CELEX:32022L2555}
}
@misc{dsgvo_art32,
author = {{Europäisches Parlament und Rat der Europäischen Union}},
title = {{Verordnung (EU) 2016/679 -- Datenschutz-Grundverordnung (DSGVO), Art. 32}},
year = {2016},
url = {https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=CELEX:32016R0679}
}
@misc{fido2_webauthn,
author = {{W3C and FIDO Alliance}},
title = {{Web Authentication (WebAuthn) Level 2}},
year = {2021},
url = {https://www.w3.org/TR/webauthn-2/},
note = {W3C Recommendation}
}
@article{bell_lapadula,
author = {Bell, D. E. and LaPadula, L. J.},
title = {{Secure Computer Systems: Mathematical Foundations}},
journal = {MITRE Technical Report MTR-2547},
year = {1973},
institution = {The MITRE Corporation}
}
@misc{akamai_soti_2024,
author = {{Akamai Technologies}},
title = {{State of the Internet / Security: Credential Stuffing Report}},
year = {2024},
url = {https://www.akamai.com/resources/state-of-the-internet/soti-security},
note = {Abgerufen am 09.06.2026}
}
@misc{hibp,
author = {Hunt, Troy},
title = {{Have I Been Pwned -- Check if your email has been compromised}},
year = {2013},
url = {https://haveibeenpwned.com/},
note = {Abgerufen am 09.06.2026}
}
@techreport{rfc9106_argon2,
author = {Biryukov, Alex and Dinu, Daniel and Khovratovich, Dmitry and Josefsson, Simon},
title = {{Argon2 Memory-Hard Function for Password Hashing and Proof-of-Work Applications (RFC 9106)}},
institution = {IETF},
year = {2021},
number = {RFC 9106},
doi = {10.17487/RFC9106}
}
@misc{owasp_sqli_cheatsheet,
author = {{OWASP Foundation}},
title = {{SQL Injection Prevention Cheat Sheet}},
year = {2024},
url = {https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html},
note = {Abgerufen am 09.06.2026}
}
@misc{owasp_csrf_cheatsheet,
author = {{OWASP Foundation}},
title = {{Cross-Site Request Forgery Prevention Cheat Sheet}},
year = {2024},
url = {https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html},
note = {Abgerufen am 09.06.2026}
}
@misc{doyensec_2023,
author = {{Doyensec}},
title = {{Threat Intelligence Platform Security Assessment -- Findings Summary}},
year = {2023},
note = {Interner Penetrationstest-Bericht; nicht öffentlich zugänglich}
}
@misc{cve_jenkins_2017,
author = {{MITRE Corporation}},
title = {{CVE-2017-1000353: Jenkins Remote Code Execution via Unsafe Deserialization}},
year = {2017},
url = {https://nvd.nist.gov/vuln/detail/CVE-2017-1000353},
note = {National Vulnerability Database}
}
@misc{trusted_types_w3c,
author = {{W3C}},
title = {{Trusted Types -- W3C Working Draft}},
year = {2024},
url = {https://w3c.github.io/trusted-types/dist/spec/},
note = {Abgerufen am 09.06.2026}
}
% ── Neue Quellen (3b-Vertiefung) ────────────────────────────────────────────
@misc{bsi_grundschutz_online_kurs,
author = {{Bundesamt für Sicherheit in der Informationstechnik}},
title = {{Online-Kurs IT-Grundschutz -- Lektion 1: Einführung}},
year = {2024},
url = {https://www.bsi.bund.de/DE/Themen/Unternehmen-und-Organisationen/Standards-und-Zertifizierung/IT-Grundschutz/Zertifizierte-Informationssicherheit/IT-Grundschutzschulung/Online-Kurs-IT-Grundschutz/online-kurs-it-grundschutz_node.html},
note = {Abgerufen am 09.06.2026}
}
@misc{bsi_standards,
author = {{Bundesamt für Sicherheit in der Informationstechnik}},
title = {{BSI-Standards zur Informationssicherheit}},
year = {2024},
url = {https://www.bsi.bund.de/DE/Themen/Unternehmen-und-Organisationen/Standards-und-Zertifizierung/IT-Grundschutz/BSI-Standards/bsi-standards_node.html},
note = {Abgerufen am 09.06.2026}
}
@techreport{bsi_200_2,
author = {{Bundesamt für Sicherheit in der Informationstechnik}},
title = {{BSI-Standard 200-2: IT-Grundschutz-Methodik}},
institution = {BSI},
year = {2017},
url = {https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Grundschutz/BSI_Standards/standard_200_2.pdf}
}
@techreport{bsi_200_3,
author = {{Bundesamt für Sicherheit in der Informationstechnik}},
title = {{BSI-Standard 200-3: Risikoanalyse auf der Basis von IT-Grundschutz}},
institution = {BSI},
year = {2017},
url = {https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Grundschutz/BSI_Standards/standard_200_3.pdf}
}
@misc{bdsg_2018,
author = {{Bundesrepublik Deutschland}},
title = {{Bundesdatenschutzgesetz (BDSG) in der Fassung vom 30.06.2017}},
year = {2017},
url = {https://www.gesetze-im-internet.de/bdsg_2018/},
note = {BGBl. I S. 2097}
}
@techreport{iso_31000,
author = {{International Organization for Standardization}},
title = {{ISO 31000:2018 -- Risk Management: Guidelines}},
institution = {ISO},
year = {2018},
number = {ISO 31000:2018},
url = {https://www.iso.org/standard/65694.html}
}
@misc{iec_62443,
author = {{International Electrotechnical Commission}},
title = {{IEC 62443: Security for Industrial Automation and Control Systems}},
year = {2023},
url = {https://www.iec.ch/iecnorm/4716/}
}
@misc{iec_61508,
author = {{International Electrotechnical Commission}},
title = {{IEC 61508: Functional Safety of E/E/PE Safety-Related Systems}},
year = {2010},
url = {https://www.iec.ch/functionalsafety/}
}
@misc{eu_cra,
author = {{Europäisches Parlament und Rat der Europäischen Union}},
title = {{Verordnung (EU) 2024/2847 -- Cyber Resilience Act (CRA)}},
year = {2024},
url = {https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=CELEX:32024R2847}
}
@misc{mitre_capec,
author = {{MITRE Corporation}},
title = {{Common Attack Pattern Enumeration and Classification (CAPEC)}},
year = {2024},
url = {https://capec.mitre.org/},
note = {Abgerufen am 09.06.2026}
}
@misc{enisa_threat_landscape,
author = {{European Union Agency for Cybersecurity (ENISA)}},
title = {{ENISA Threat Landscape 2024}},
year = {2024},
url = {https://www.enisa.europa.eu/publications/enisa-threat-landscape-2024},
note = {Abgerufen am 09.06.2026}
}
% ── CWE - Common Weakness Enumeration ───────────────────────────────────────
@misc{cwe20,
author = {{MITRE Corporation}},
title = {{CWE-20: Improper Input Validation}},
year = {2024},
url = {https://cwe.mitre.org/data/definitions/20.html},
note = {Abgerufen am 16.06.2026}
}
@misc{cwe89,
author = {{MITRE Corporation}},
title = {{CWE-89: Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)}},
year = {2024},
url = {https://cwe.mitre.org/data/definitions/89.html},
note = {Abgerufen am 16.06.2026}
}
@misc{cwe287,
author = {{MITRE Corporation}},
title = {{CWE-287: Improper Authentication}},
year = {2024},
url = {https://cwe.mitre.org/data/definitions/287.html},
note = {Abgerufen am 16.06.2026}
}
@misc{cwe307,
author = {{MITRE Corporation}},
title = {{CWE-307: Improper Restriction of Excessive Authentication Attempts}},
year = {2024},
url = {https://cwe.mitre.org/data/definitions/307.html},
note = {Abgerufen am 16.06.2026}
}
@misc{cwe502,
author = {{MITRE Corporation}},
title = {{CWE-502: Deserialization of Untrusted Data}},
year = {2024},
url = {https://cwe.mitre.org/data/definitions/502.html},
note = {Abgerufen am 16.06.2026}
}
@misc{cwe521,
author = {{MITRE Corporation}},
title = {{CWE-521: Weak Password Requirements}},
year = {2024},
url = {https://cwe.mitre.org/data/definitions/521.html},
note = {Abgerufen am 16.06.2026}
}
@misc{cwe611,
author = {{MITRE Corporation}},
title = {{CWE-611: Improper Restriction of XML External Entity Reference}},
year = {2024},
url = {https://cwe.mitre.org/data/definitions/611.html},
note = {Abgerufen am 16.06.2026}
}
% ── MITRE ATT&CK - Offensive Taktiken ───────────────────────────────────────
@misc{t1059,
author = {{MITRE Corporation}},
title = {{T1059: Command and Scripting Interpreter}},
year = {2024},
url = {https://attack.mitre.org/techniques/T1059/},
note = {Abgerufen am 16.06.2026}
}
@misc{t1078,
author = {{MITRE Corporation}},
title = {{T1078: Valid Accounts}},
year = {2024},
url = {https://attack.mitre.org/techniques/T1078/},
note = {Abgerufen am 16.06.2026}
}
@misc{t1110004,
author = {{MITRE Corporation}},
title = {{T1110.004: Brute Force -- Credential Stuffing}},
year = {2024},
url = {https://attack.mitre.org/techniques/T1110/004/},
note = {Abgerufen am 16.06.2026}
}
@misc{t1190,
author = {{MITRE Corporation}},
title = {{T1190: Exploit Public-Facing Application}},
year = {2024},
url = {https://attack.mitre.org/techniques/T1190/},
note = {Abgerufen am 16.06.2026}
}
% ── CWE Neue Einträge ──────────────────────────────────────────────────────
@misc{cwe22,
author = {{MITRE Corporation}},
title = {{CWE-22: Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)}},
year = {2024},
url = {https://cwe.mitre.org/data/definitions/22.html},
note = {Abgerufen am 16.06.2026}
}
@misc{cwe79,
author = {{MITRE Corporation}},
title = {{CWE-79: Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)}},
year = {2024},
url = {https://cwe.mitre.org/data/definitions/79.html},
note = {Abgerufen am 16.06.2026}
}
@misc{cwe200,
author = {{MITRE Corporation}},
title = {{CWE-200: Exposure of Sensitive Information to an Unauthorized Actor}},
year = {2024},
url = {https://cwe.mitre.org/data/definitions/200.html},
note = {Abgerufen am 16.06.2026}
}
@misc{cwe269,
author = {{MITRE Corporation}},
title = {{CWE-269: Improper Privilege Management}},
year = {2024},
url = {https://cwe.mitre.org/data/definitions/269.html},
note = {Abgerufen am 16.06.2026}
}
@misc{cwe284,
author = {{MITRE Corporation}},
title = {{CWE-284: Improper Access Control}},
year = {2024},
url = {https://cwe.mitre.org/data/definitions/284.html},
note = {Abgerufen am 16.06.2026}
}
@misc{cwe311,
author = {{MITRE Corporation}},
title = {{CWE-311: Missing Encryption of Sensitive Data}},
year = {2024},
url = {https://cwe.mitre.org/data/definitions/311.html},
note = {Abgerufen am 16.06.2026}
}
@misc{cwe345,
author = {{MITRE Corporation}},
title = {{CWE-345: Insufficient Verification of Data Authenticity}},
year = {2024},
url = {https://cwe.mitre.org/data/definitions/345.html},
note = {Abgerufen am 16.06.2026}
}
@misc{cwe732,
author = {{MITRE Corporation}},
title = {{CWE-732: Incorrect Permission Assignment for Critical Resource}},
year = {2024},
url = {https://cwe.mitre.org/data/definitions/732.html},
note = {Abgerufen am 16.06.2026}
}
@misc{cwe1357,
author = {{MITRE Corporation}},
title = {{CWE-1357: Reliance on Insufficiently Trustworthy Component}},
year = {2024},
url = {https://cwe.mitre.org/data/definitions/1357.html},
note = {Abgerufen am 16.06.2026}
}
% ── MITRE ATT&CK Neue Taktiken & Techniken ────────────────────────────────
@misc{ta0001,
author = {{MITRE Corporation}},
title = {{TA0001: Initial Access}},
year = {2024},
url = {https://attack.mitre.org/tactics/TA0001/},
note = {Abgerufen am 16.06.2026}
}
@misc{ta0009,
author = {{MITRE Corporation}},
title = {{TA0009: Collection}},
year = {2024},
url = {https://attack.mitre.org/tactics/TA0009/},
note = {Abgerufen am 16.06.2026}
}
@misc{ta0010,
author = {{MITRE Corporation}},
title = {{TA0010: Exfiltration}},
year = {2024},
url = {https://attack.mitre.org/tactics/TA0010/},
note = {Abgerufen am 16.06.2026}
}
@misc{ta0011,
author = {{MITRE Corporation}},
title = {{TA0011: Command and Control}},
year = {2024},
url = {https://attack.mitre.org/tactics/TA0011/},
note = {Abgerufen am 16.06.2026}
}
@misc{ta0040,
author = {{MITRE Corporation}},
title = {{TA0040: Impact}},
year = {2024},
url = {https://attack.mitre.org/tactics/TA0040/},
note = {Abgerufen am 16.06.2026}
}
@misc{t1052,
author = {{MITRE Corporation}},
title = {{T1052: Exfiltration Over Physical Medium}},
year = {2024},
url = {https://attack.mitre.org/techniques/T1052/},
note = {Abgerufen am 16.06.2026}
}
@misc{t1195,
author = {{MITRE Corporation}},
title = {{T1195: Supply Chain Compromise}},
year = {2024},
url = {https://attack.mitre.org/techniques/T1195/},
note = {Abgerufen am 16.06.2026}
}
@misc{t1486,
author = {{MITRE Corporation}},
title = {{T1486: Data Encrypted for Impact}},
year = {2024},
url = {https://attack.mitre.org/techniques/T1486/},
note = {Abgerufen am 16.06.2026}
}
@misc{t1491,
author = {{MITRE Corporation}},
title = {{T1491: Defacement}},
year = {2024},
url = {https://attack.mitre.org/techniques/T1491/},
note = {Abgerufen am 16.06.2026}
}
@misc{t1499,
author = {{MITRE Corporation}},
title = {{T1499: Endpoint Denial of Service}},
year = {2024},
url = {https://attack.mitre.org/techniques/T1499/},
note = {Abgerufen am 16.06.2026}
}
@misc{t1565,
author = {{MITRE Corporation}},
title = {{T1565: Data Manipulation}},
year = {2024},
url = {https://attack.mitre.org/techniques/T1565/},
note = {Abgerufen am 16.06.2026}
}
@misc{t1567,
author = {{MITRE Corporation}},
title = {{T1567: Exfiltration Over Web Service}},
year = {2024},
url = {https://attack.mitre.org/techniques/T1567/},
note = {Abgerufen am 16.06.2026}
}
@misc{t1583,
author = {{MITRE Corporation}},
title = {{T1583: Acquire Infrastructure}},
year = {2024},
url = {https://attack.mitre.org/techniques/T1583/},
note = {Abgerufen am 16.06.2026}
}
@misc{t1591,
author = {{MITRE Corporation}},
title = {{T1591: Gather Victim Org Information}},
year = {2024},
url = {https://attack.mitre.org/techniques/T1591/},
note = {Abgerufen am 16.06.2026}
}
@misc{t1593,
author = {{MITRE Corporation}},
title = {{T1593: Search Open Websites/Domains}},
year = {2024},
url = {https://attack.mitre.org/techniques/T1593/},
note = {Abgerufen am 16.06.2026}
}
@misc{t1657,
author = {{MITRE Corporation}},
title = {{T1657: Financial Theft}},
year = {2024},
url = {https://attack.mitre.org/techniques/T1657/},
note = {Abgerufen am 16.06.2026}
}
% ── MITRE D3FEND - Defensive Gegenmaßnahmen ─────────────────────────────────
@misc{d3anci,
author = {{MITRE Corporation}},
title = {{D3-ANCI: Authentication Cache Invalidation}},
year = {2024},
url = {https://d3fend.mitre.org/technique/d3f:AuthenticationCacheInvalidation/},
note = {Abgerufen am 16.06.2026}
}
@misc{d3cf,
author = {{MITRE Corporation}},
title = {{D3-CF: Content Filtering}},
year = {2024},
url = {https://d3fend.mitre.org/technique/d3f:ContentFiltering/},
note = {Abgerufen am 16.06.2026}
}
@misc{d3ch,
author = {{MITRE Corporation}},
title = {{D3-CH: Credential Hardening}},
year = {2024},
url = {https://d3fend.mitre.org/technique/d3f:CredentialHardening/},
note = {Abgerufen am 16.06.2026}
}
@misc{d3cts,
author = {{MITRE Corporation}},
title = {{D3-CTS: Credential Transmission Scoping}},
year = {2024},
url = {https://d3fend.mitre.org/technique/d3f:CredentialTransmissionScoping/},
note = {Abgerufen am 16.06.2026}
}
@misc{d3cv,
author = {{MITRE Corporation}},
title = {{D3-CV: Content Validation}},
year = {2024},
url = {https://d3fend.mitre.org/technique/d3f:ContentValidation/},
note = {Abgerufen am 16.06.2026}
}
@misc{d3dqsa,
author = {{MITRE Corporation}},
title = {{D3-DQSA: Database Query String Analysis}},
year = {2024},
url = {https://d3fend.mitre.org/technique/d3f:DatabaseQueryStringAnalysis/},
note = {Abgerufen am 16.06.2026}
}
@misc{d3ma,
author = {{MITRE Corporation}},
title = {{D3-MA: Message Authentication}},
year = {2024},
url = {https://d3fend.mitre.org/technique/d3f:MessageAuthentication/},
note = {Abgerufen am 16.06.2026}
}
@misc{d3mfa,
author = {{MITRE Corporation}},
title = {{D3-MFA: Multi-factor Authentication}},
year = {2024},
url = {https://d3fend.mitre.org/technique/d3f:Multi-factorAuthentication/},
note = {Abgerufen am 16.06.2026}
}
@misc{d3spp,
author = {{MITRE Corporation}},
title = {{D3-SPP: Strong Password Policy}},
year = {2024},
url = {https://d3fend.mitre.org/technique/d3f:StrongPasswordPolicy/},
note = {Abgerufen am 16.06.2026}
}
@misc{d3cspp,
author = {{MITRE Corporation}},
title = {{D3-CSPP: Client-Server Payload Profiling}},
year = {2024},
url = {https://d3fend.mitre.org/technique/d3f:Client-ServerPayloadProfiling/},
note = {Abgerufen am 16.06.2026}
}
@misc{d3mencr,
author = {{MITRE Corporation}},
title = {{D3-MENCR: Message Encryption}},
year = {2024},
url = {https://d3fend.mitre.org/technique/d3f:MessageEncryption/},
note = {Abgerufen am 16.06.2026}
}
@misc{d3fe,
author = {{MITRE Corporation}},
title = {{D3-FE: File Encryption}},
year = {2024},
url = {https://d3fend.mitre.org/technique/d3f:FileEncryption/},
note = {Abgerufen am 16.06.2026}
}
@misc{d3nta,
author = {{MITRE Corporation}},
title = {{D3-NTA: Network Traffic Analysis}},
year = {2024},
url = {https://d3fend.mitre.org/technique/d3f:NetworkTrafficAnalysis/},
note = {Abgerufen am 16.06.2026}
}
@misc{d3dencr,
author = {{MITRE Corporation}},
title = {{D3-DENCR: Disk Encryption}},
year = {2024},
url = {https://d3fend.mitre.org/technique/d3f:DiskEncryption/},
note = {Abgerufen am 16.06.2026}
}
% ── CWE Weitere Einträge (4a-Vertiefung) ──────────────────────────────────
@misc{cwe312,
author = {{MITRE Corporation}},
title = {{CWE-312: Cleartext Storage of Sensitive Information}},
year = {2024},
url = {https://cwe.mitre.org/data/definitions/312.html},
note = {Abgerufen am 16.06.2026}
}
@misc{cwe668,
author = {{MITRE Corporation}},
title = {{CWE-668: Exposure of Resource to Wrong Sphere}},
year = {2024},
url = {https://cwe.mitre.org/data/definitions/668.html},
note = {Abgerufen am 16.06.2026}
}
@misc{cwe1390,
author = {{MITRE Corporation}},
title = {{CWE-1390: Weak Authentication}},
year = {2024},
url = {https://cwe.mitre.org/data/definitions/1390.html},
note = {Abgerufen am 16.06.2026}
}
% ── MITRE ATT&CK Weitere Techniken (4a-Vertiefung) ───────────────────────
@misc{t1530,
author = {{MITRE Corporation}},
title = {{T1530: Data from Cloud Storage}},
year = {2024},
url = {https://attack.mitre.org/techniques/T1530/},
note = {Abgerufen am 16.06.2026}
}
@misc{t1213,
author = {{MITRE Corporation}},
title = {{T1213: Data from Information Repositories}},
year = {2024},
url = {https://attack.mitre.org/techniques/T1213/},
note = {Abgerufen am 16.06.2026}
}
% ── Sonstige ────────────────────────────────────────────────────────────────
@misc{safe_harbor,
author = {{Security Alliance}},
title = {{Coordinated Vulnerability Disclosure Safe Harbor Framework}},
year = {2024},
url = {https://frameworks.securityalliance.org/safe-harbor/overview/},
note = {Abgerufen am 16.06.2026}
}
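Review bot: The `cve_*` entries (from `cve_log4shell` through `cve_jenkins_2017`) name `{{MITRE Corporation}}` as author but link to `nvd.nist.gov` with `note = {National Vulnerability Database}`, so the source actually cited is NIST's NVD record; NVD analysis and scoring can be revised after publication, yet these are the entries without an access date. I would either cite NVD as such, `author = {{National Institute of Standards and Technology}}` with `note = {National Vulnerability Database. Abgerufen am <Datum>}`, or keep MITRE and point `url` at the CVE record itself. Separately, `bell_lapadula` is an `@article` whose `journal` field holds a report number and whose `institution` field is not used by that entry type; `@techreport` with `number = {MTR-2547}` would match the other report entries in this file. `doyensec_2023` is described in its own `note` as a non-public internal penetration-test report, so it is worth confirming that naming it in a bibliography the commit log calls published is intended.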
+1
@@ -2,6 +2,7 @@ from: markdown+smart+fenced_code_blocks+inline_code_attributes+bracketed_spans
to: pdf
# template wird im Makefile als absoluter Pfad übergeben (wegen cd-Aufruf)
pdf-engine: pdflatex
listings: true
citeproc: true
number-sections: true
standalone: true
+15
@@ -28,6 +28,8 @@
\usepackage{graphicx}
\usepackage{caption}
\usepackage{subcaption}
% pandoc 3.x sets \LTcaptype=none for captionless longtables; caption tries to \stepcounter{none}
\newcounter{none}
\usepackage{xcolor}
\makeatletter
\def\maxwidth{\ifdim\Gin@nat@width>\linewidth\linewidth\else\Gin@nat@width\fi}
@@ -42,10 +44,21 @@
% --- Code ---
\usepackage{fancyvrb}
\usepackage{listings}
\lstset{
basicstyle=\ttfamily\small,
breaklines=true,
breakatwhitespace=false,
columns=fullflexible,
keepspaces=true,
}
$if(highlighting-macros)$
$highlighting-macros$
$endif$
% ngerman macht " zu einem aktiven Shorthand ("u→ü, "a→ä, "r→Trennung).
% Da Umlaute direkt als UTF-8 geschrieben werden, ist der Shorthand nicht nötig.
\AtBeginDocument{\shorthandoff{"}}
% --- Hyperlinks ---
\usepackage{hyperref}
\hypersetup{
@@ -61,10 +74,12 @@ $endif$
% --- Pandoc compatibility ---
\providecommand{\tightlist}{%
\setlength{\itemsep}{0pt}\setlength{\parskip}{0pt}}
\providecommand{\passthrough}[1]{#1}
% --- Absatzformatierung: kein Einzug, sichtbarer Abstand zwischen Absaetzen ---
\setlength{\parindent}{0pt}
\setlength{\parskip}{0.6\baselineskip}
\setlength{\emergencystretch}{3em}
% --- Section breaks: jede H1 (section) beginnt auf einer neuen Seite ---
\let\oldsection\section
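Review bot: The new `\lstset{...}` block in the second hunk sets wrapping options but nothing for non-ASCII input, and under `pdflatex` the listings package reads code byte by byte, so a code block or inline code span containing ä, ö, ü or ß will typically fail to compile or print garbled; the template's own comment says umlauts are written directly as UTF-8. If any listing can contain such characters, add a mapping inside `\lstset`, for example `literate={ä}{{\"a}}1 {ö}{{\"o}}1 {ü}{{\"u}}1 {ß}{{\ss}}1,` (plus the capitals). `breaklines=true` also wraps without a visible marker, so where a listing quotes a command, hash or URL a wrapped line cannot be told apart from two separate lines; a continuation mark such as `postbreak=\mbox{$\hookrightarrow$\space},` would make the wrap explicit. In the first hunk, `\newcounter{none}` would be safer guarded, `\makeatletter\@ifundefined{c@none}{\newcounter{none}}{}\makeatother`, in case the counter is already defined elsewhere.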