% References for 4ca: threat modelling / OWASP
% General OWASP and MITRE framework pages; `note` records the access date.
@misc{owasp_top10_2021,
  author = {{OWASP Foundation}},
  title  = {{OWASP Top 10:2021}},
  year   = {2021},
  url    = {https://owasp.org/Top10/},
  note   = {Abgerufen am 09.06.2026},
}

@misc{owasp_asvs,
  author = {{OWASP Foundation}},
  title  = {{Application Security Verification Standard (ASVS) v4.0.3}},
  year   = {2021},
  url    = {https://owasp.org/www-project-application-security-verification-standard/},
  note   = {Abgerufen am 09.06.2026},
}

@misc{owasp_risk_rating,
  author = {{OWASP Foundation}},
  title  = {{OWASP Risk Rating Methodology}},
  year   = {2021},
  url    = {https://owasp.org/www-community/OWASP_Risk_Rating_Methodology},
  note   = {Abgerufen am 09.06.2026},
}

@misc{cwe_mitre,
  author = {{MITRE Corporation}},
  title  = {{Common Weakness Enumeration (CWE)}},
  year   = {2024},
  url    = {https://cwe.mitre.org/},
  note   = {Abgerufen am 09.06.2026},
}

@misc{mitre_attack,
  author = {{MITRE Corporation}},
  title  = {{MITRE ATT\&CK Enterprise Matrix}},
  year   = {2024},
  url    = {https://attack.mitre.org/},
  note   = {Abgerufen am 09.06.2026},
}
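% NIST / BSI technical reports.
% nist_sp800_53: the report designation is carried by `type` and `number`, so
% it is no longer repeated inside the title (it was printed twice before).
@techreport{nist_sp800_53,
  author      = {{National Institute of Standards and Technology}},
  title       = {{Security and Privacy Controls for Information Systems and Organizations}},
  type        = {NIST Special Publication},
  institution = {NIST},
  year        = {2020},
  number      = {800-53, Rev. 5},
  doi         = {10.6028/NIST.SP.800-53r5},
}

@techreport{bsi_app31,
  author      = {{Bundesamt für Sicherheit in der Informationstechnik}},
  title       = {{IT-Grundschutz-Baustein APP.3.1: Webanwendungen und Webservices}},
  institution = {BSI},
  year        = {2023},
  url         = {https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Grundschutz/Kompendium/IT_Grundschutz_Kompendium_Edition2023.pdf},
}

% NOTE(review): this single entry stands for three separate standards
% (FIPS 203, 204 and 205) and links the standardization project page. A claim
% about one specific algorithm is easier to verify against an entry for that
% standard alone.
@techreport{nist_pqc_2024,
  author      = {{National Institute of Standards and Technology}},
  title       = {{Post-Quantum Cryptography Standards: FIPS 203 (ML-KEM), FIPS 204 (ML-DSA), FIPS 205 (SLH-DSA)}},
  institution = {NIST},
  year        = {2024},
  url         = {https://csrc.nist.gov/projects/post-quantum-cryptography/post-quantum-cryptography-standardization},
}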
% Vendor reports and breach write-ups; `note` records the access date.
@misc{spycloud_2024,
  author = {{SpyCloud}},
  title  = {{Annual Identity Exposure Report 2024}},
  year   = {2024},
  url    = {https://spycloud.com/resource/2024-annual-identity-exposure-report/},
  note   = {Abgerufen am 09.06.2026},
}

@misc{mandiant_mtrends_2024,
  author = {{Mandiant}},
  title  = {{M-Trends 2024: Special Report}},
  year   = {2024},
  url    = {https://www.mandiant.com/m-trends},
  note   = {Abgerufen am 09.06.2026},
}

@misc{uber_breach_2022,
  author = {{Uber Technologies}},
  title  = {{Security Update -- September 2022}},
  year   = {2022},
  url    = {https://www.uber.com/newsroom/security-update/},
  note   = {Abgerufen am 09.06.2026},
}

@misc{capitalone_breach_2019,
  author       = {Krebs, Brian},
  title        = {{Capital One Data Theft Impacts 106M People}},
  howpublished = {KrebsOnSecurity},
  year         = {2019},
  url          = {https://krebsonsecurity.com/2019/07/capital-one-data-theft-impacts-106m-people/},
  note         = {Abgerufen am 09.06.2026},
}

@misc{twitter_plaintext_2018,
  author = {{Twitter}},
  title  = {{Keeping your account secure}},
  year   = {2018},
  url    = {https://blog.twitter.com/en_us/topics/company/2018/keeping-your-account-secure},
  note   = {Abgerufen am 09.06.2026},
}
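% CVE records, cited through their NVD detail pages.
% NOTE(review): the URLs resolve to NIST's National Vulnerability Database,
% while the author field names MITRE (which maintains the CVE list); confirm
% which record is meant. NVD pages are re-analysed and re-scored over time and
% these entries carry no access date, unlike the other web sources in this file.
% cve_freak now uses the same `--` dash as the other titles.
@misc{cve_log4shell,
  author = {{MITRE Corporation}},
  title  = {{CVE-2021-44228: Apache Log4j2 Remote Code Execution (Log4Shell)}},
  year   = {2021},
  url    = {https://nvd.nist.gov/vuln/detail/CVE-2021-44228},
  note   = {National Vulnerability Database},
}

@misc{cve_spring4shell,
  author = {{MITRE Corporation}},
  title  = {{CVE-2022-22965: Spring Framework Remote Code Execution (Spring4Shell)}},
  year   = {2022},
  url    = {https://nvd.nist.gov/vuln/detail/CVE-2022-22965},
  note   = {National Vulnerability Database},
}

@misc{cve_confluence_2022,
  author = {{MITRE Corporation}},
  title  = {{CVE-2022-26134: Confluence Server OGNL Injection}},
  year   = {2022},
  url    = {https://nvd.nist.gov/vuln/detail/CVE-2022-26134},
  note   = {National Vulnerability Database},
}

@misc{cve_freak,
  author = {{MITRE Corporation}},
  title  = {{CVE-2015-0204: FREAK -- Factoring RSA Export Keys}},
  year   = {2015},
  url    = {https://nvd.nist.gov/vuln/detail/CVE-2015-0204},
  note   = {National Vulnerability Database},
}

@misc{cve_logjam,
  author = {{MITRE Corporation}},
  title  = {{CVE-2015-4000: Logjam TLS Downgrade Attack}},
  year   = {2015},
  url    = {https://nvd.nist.gov/vuln/detail/CVE-2015-4000},
  note   = {National Vulnerability Database},
}

@misc{cve_crime,
  author = {{MITRE Corporation}},
  title  = {{CVE-2012-4929: CRIME -- Compression Ratio Info-leak Made Easy}},
  year   = {2012},
  url    = {https://nvd.nist.gov/vuln/detail/CVE-2012-4929},
  note   = {National Vulnerability Database},
}

@misc{cve_jackson_2017,
  author = {{MITRE Corporation}},
  title  = {{CVE-2017-7525: Jackson-databind Deserialization Vulnerability}},
  year   = {2017},
  url    = {https://nvd.nist.gov/vuln/detail/CVE-2017-7525},
  note   = {National Vulnerability Database},
}

@misc{cve_jquery_2019,
  author = {{MITRE Corporation}},
  title  = {{CVE-2019-11358: jQuery Prototype Pollution}},
  year   = {2019},
  url    = {https://nvd.nist.gov/vuln/detail/CVE-2019-11358},
  note   = {National Vulnerability Database},
}

@misc{cve_dompurify_2020,
  author = {{MITRE Corporation}},
  title  = {{CVE-2020-26870: DOMPurify Mutation XSS Bypass}},
  year   = {2020},
  url    = {https://nvd.nist.gov/vuln/detail/CVE-2020-26870},
  note   = {National Vulnerability Database},
}

@misc{cve_exchange_2020,
  author = {{MITRE Corporation}},
  title  = {{CVE-2020-0688: Microsoft Exchange Server Remote Code Execution}},
  year   = {2020},
  url    = {https://nvd.nist.gov/vuln/detail/CVE-2020-0688},
  note   = {National Vulnerability Database},
}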
% Standards, EU legislation and the WebAuthn specification.
% The extra brace pair around each author keeps the organisation name as one
% unit, including the literal " and " in the fido2_webauthn author.
@misc{iso_27001,
  author = {{International Organization for Standardization}},
  title  = {{ISO/IEC 27001:2022 -- Information Security Management Systems}},
  year   = {2022},
  url    = {https://www.iso.org/standard/82875.html},
}

@misc{nis2_directive,
  author = {{Europäisches Parlament und Rat der Europäischen Union}},
  title  = {{Richtlinie (EU) 2022/2555 über Maßnahmen für ein hohes gemeinsames Cybersicherheitsniveau in der Union (NIS2)}},
  year   = {2022},
  url    = {https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=CELEX:32022L2555},
}

@misc{dsgvo_art32,
  author = {{Europäisches Parlament und Rat der Europäischen Union}},
  title  = {{Verordnung (EU) 2016/679 -- Datenschutz-Grundverordnung (DSGVO), Art. 32}},
  year   = {2016},
  url    = {https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=CELEX:32016R0679},
}

@misc{fido2_webauthn,
  author = {{W3C and FIDO Alliance}},
  title  = {{Web Authentication (WebAuthn) Level 2}},
  year   = {2021},
  url    = {https://www.w3.org/TR/webauthn-2/},
  note   = {W3C Recommendation},
}
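% Bell-LaPadula model. The source is a MITRE technical report, not a journal
% article: it is typed @techreport, the report number moves from `journal`
% into `number`, and `institution` (ignored by @article) is now used.
% Author names are given in full rather than as initials.
@techreport{bell_lapadula,
  author      = {Bell, D. Elliott and LaPadula, Leonard J.},
  title       = {{Secure Computer Systems: Mathematical Foundations}},
  institution = {The MITRE Corporation},
  number      = {MTR-2547},
  year        = {1973},
}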
% Credential-exposure sources; `note` records the access date.
@misc{akamai_soti_2024,
  author = {{Akamai Technologies}},
  title  = {{State of the Internet / Security: Credential Stuffing Report}},
  year   = {2024},
  url    = {https://www.akamai.com/resources/state-of-the-internet/soti-security},
  note   = {Abgerufen am 09.06.2026},
}

@misc{hibp,
  author = {Hunt, Troy},
  title  = {{Have I Been Pwned -- Check if your email has been compromised}},
  year   = {2013},
  url    = {https://haveibeenpwned.com/},
  note   = {Abgerufen am 09.06.2026},
}
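% RFC 9106 (Argon2). It is an Informational RFC published on the IRTF stream
% (Crypto Forum Research Group), not an IETF standards-track document, so the
% institution is IRTF. `type` and `number` render the designation as
% "RFC 9106"; it is therefore no longer repeated inside the title.
@techreport{rfc9106_argon2,
  author      = {Biryukov, Alex and Dinu, Daniel and Khovratovich, Dmitry and Josefsson, Simon},
  title       = {{Argon2 Memory-Hard Function for Password Hashing and Proof-of-Work Applications}},
  type        = {RFC},
  institution = {IRTF},
  year        = {2021},
  number      = {9106},
  doi         = {10.17487/RFC9106},
}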
% OWASP cheat sheets, one internal assessment report, one further CVE record
% and the Trusted Types draft.
@misc{owasp_sqli_cheatsheet,
  author = {{OWASP Foundation}},
  title  = {{SQL Injection Prevention Cheat Sheet}},
  year   = {2024},
  url    = {https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html},
  note   = {Abgerufen am 09.06.2026},
}

@misc{owasp_csrf_cheatsheet,
  author = {{OWASP Foundation}},
  title  = {{Cross-Site Request Forgery Prevention Cheat Sheet}},
  year   = {2024},
  url    = {https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html},
  note   = {Abgerufen am 09.06.2026},
}

% Non-public source (see `note`): it has no URL and readers cannot verify it.
@misc{doyensec_2023,
  author = {{Doyensec}},
  title  = {{Threat Intelligence Platform Security Assessment -- Findings Summary}},
  year   = {2023},
  note   = {Interner Penetrationstest-Bericht; nicht öffentlich zugänglich},
}

% The URL is an NVD detail page; the entry carries no access date.
@misc{cve_jenkins_2017,
  author = {{MITRE Corporation}},
  title  = {{CVE-2017-1000353: Jenkins Remote Code Execution via Unsafe Deserialization}},
  year   = {2017},
  url    = {https://nvd.nist.gov/vuln/detail/CVE-2017-1000353},
  note   = {National Vulnerability Database},
}

@misc{trusted_types_w3c,
  author = {{W3C}},
  title  = {{Trusted Types -- W3C Working Draft}},
  year   = {2024},
  url    = {https://w3c.github.io/trusted-types/dist/spec/},
  note   = {Abgerufen am 09.06.2026},
}
% -- New sources (3b deep dive) ------------------------------------------------
% BSI, ISO and IEC standards, German and EU legislation, CAPEC and ENISA.
@misc{bsi_grundschutz_online_kurs,
  author = {{Bundesamt für Sicherheit in der Informationstechnik}},
  title  = {{Online-Kurs IT-Grundschutz -- Lektion 1: Einführung}},
  year   = {2024},
  url    = {https://www.bsi.bund.de/DE/Themen/Unternehmen-und-Organisationen/Standards-und-Zertifizierung/IT-Grundschutz/Zertifizierte-Informationssicherheit/IT-Grundschutzschulung/Online-Kurs-IT-Grundschutz/online-kurs-it-grundschutz_node.html},
  note   = {Abgerufen am 09.06.2026},
}

@misc{bsi_standards,
  author = {{Bundesamt für Sicherheit in der Informationstechnik}},
  title  = {{BSI-Standards zur Informationssicherheit}},
  year   = {2024},
  url    = {https://www.bsi.bund.de/DE/Themen/Unternehmen-und-Organisationen/Standards-und-Zertifizierung/IT-Grundschutz/BSI-Standards/bsi-standards_node.html},
  note   = {Abgerufen am 09.06.2026},
}

@techreport{bsi_200_2,
  author      = {{Bundesamt für Sicherheit in der Informationstechnik}},
  title       = {{BSI-Standard 200-2: IT-Grundschutz-Methodik}},
  institution = {BSI},
  year        = {2017},
  url         = {https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Grundschutz/BSI_Standards/standard_200_2.pdf},
}

@techreport{bsi_200_3,
  author      = {{Bundesamt für Sicherheit in der Informationstechnik}},
  title       = {{BSI-Standard 200-3: Risikoanalyse auf der Basis von IT-Grundschutz}},
  institution = {BSI},
  year        = {2017},
  url         = {https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Grundschutz/BSI_Standards/standard_200_3.pdf},
}

@misc{bdsg_2018,
  author = {{Bundesrepublik Deutschland}},
  title  = {{Bundesdatenschutzgesetz (BDSG) in der Fassung vom 30.06.2017}},
  year   = {2017},
  url    = {https://www.gesetze-im-internet.de/bdsg_2018/},
  note   = {BGBl. I S. 2097},
}

@techreport{iso_31000,
  author      = {{International Organization for Standardization}},
  title       = {{ISO 31000:2018 -- Risk Management: Guidelines}},
  institution = {ISO},
  year        = {2018},
  number      = {ISO 31000:2018},
  url         = {https://www.iso.org/standard/65694.html},
}

@misc{iec_62443,
  author = {{International Electrotechnical Commission}},
  title  = {{IEC 62443: Security for Industrial Automation and Control Systems}},
  year   = {2023},
  url    = {https://www.iec.ch/iecnorm/4716/},
}

@misc{iec_61508,
  author = {{International Electrotechnical Commission}},
  title  = {{IEC 61508: Functional Safety of E/E/PE Safety-Related Systems}},
  year   = {2010},
  url    = {https://www.iec.ch/functionalsafety/},
}

@misc{eu_cra,
  author = {{Europäisches Parlament und Rat der Europäischen Union}},
  title  = {{Verordnung (EU) 2024/2847 -- Cyber Resilience Act (CRA)}},
  year   = {2024},
  url    = {https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=CELEX:32024R2847},
}

@misc{mitre_capec,
  author = {{MITRE Corporation}},
  title  = {{Common Attack Pattern Enumeration and Classification (CAPEC)}},
  year   = {2024},
  url    = {https://capec.mitre.org/},
  note   = {Abgerufen am 09.06.2026},
}

@misc{enisa_threat_landscape,
  author = {{European Union Agency for Cybersecurity (ENISA)}},
  title  = {{ENISA Threat Landscape 2024}},
  year   = {2024},
  url    = {https://www.enisa.europa.eu/publications/enisa-threat-landscape-2024},
  note   = {Abgerufen am 09.06.2026},
}
% -- CWE: Common Weakness Enumeration ------------------------------------------
% One entry per weakness; the key is the CWE number, `note` the access date.
@misc{cwe20,
  author = {{MITRE Corporation}},
  title  = {{CWE-20: Improper Input Validation}},
  year   = {2024},
  url    = {https://cwe.mitre.org/data/definitions/20.html},
  note   = {Abgerufen am 16.06.2026},
}

@misc{cwe89,
  author = {{MITRE Corporation}},
  title  = {{CWE-89: Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)}},
  year   = {2024},
  url    = {https://cwe.mitre.org/data/definitions/89.html},
  note   = {Abgerufen am 16.06.2026},
}

@misc{cwe287,
  author = {{MITRE Corporation}},
  title  = {{CWE-287: Improper Authentication}},
  year   = {2024},
  url    = {https://cwe.mitre.org/data/definitions/287.html},
  note   = {Abgerufen am 16.06.2026},
}

@misc{cwe307,
  author = {{MITRE Corporation}},
  title  = {{CWE-307: Improper Restriction of Excessive Authentication Attempts}},
  year   = {2024},
  url    = {https://cwe.mitre.org/data/definitions/307.html},
  note   = {Abgerufen am 16.06.2026},
}

@misc{cwe502,
  author = {{MITRE Corporation}},
  title  = {{CWE-502: Deserialization of Untrusted Data}},
  year   = {2024},
  url    = {https://cwe.mitre.org/data/definitions/502.html},
  note   = {Abgerufen am 16.06.2026},
}

@misc{cwe521,
  author = {{MITRE Corporation}},
  title  = {{CWE-521: Weak Password Requirements}},
  year   = {2024},
  url    = {https://cwe.mitre.org/data/definitions/521.html},
  note   = {Abgerufen am 16.06.2026},
}

@misc{cwe611,
  author = {{MITRE Corporation}},
  title  = {{CWE-611: Improper Restriction of XML External Entity Reference}},
  year   = {2024},
  url    = {https://cwe.mitre.org/data/definitions/611.html},
  note   = {Abgerufen am 16.06.2026},
}
% -- MITRE ATT&CK: offensive techniques ----------------------------------------
% The entries in this group are technique pages (T-numbers); the sub-technique
% T1110.004 is keyed without the dot.
@misc{t1059,
  author = {{MITRE Corporation}},
  title  = {{T1059: Command and Scripting Interpreter}},
  year   = {2024},
  url    = {https://attack.mitre.org/techniques/T1059/},
  note   = {Abgerufen am 16.06.2026},
}

@misc{t1078,
  author = {{MITRE Corporation}},
  title  = {{T1078: Valid Accounts}},
  year   = {2024},
  url    = {https://attack.mitre.org/techniques/T1078/},
  note   = {Abgerufen am 16.06.2026},
}

@misc{t1110004,
  author = {{MITRE Corporation}},
  title  = {{T1110.004: Brute Force -- Credential Stuffing}},
  year   = {2024},
  url    = {https://attack.mitre.org/techniques/T1110/004/},
  note   = {Abgerufen am 16.06.2026},
}

@misc{t1190,
  author = {{MITRE Corporation}},
  title  = {{T1190: Exploit Public-Facing Application}},
  year   = {2024},
  url    = {https://attack.mitre.org/techniques/T1190/},
  note   = {Abgerufen am 16.06.2026},
}
% -- CWE: new entries ----------------------------------------------------------
% Same layout as the earlier CWE group: key is the CWE number, `note` the
% access date.
@misc{cwe22,
  author = {{MITRE Corporation}},
  title  = {{CWE-22: Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)}},
  year   = {2024},
  url    = {https://cwe.mitre.org/data/definitions/22.html},
  note   = {Abgerufen am 16.06.2026},
}

@misc{cwe79,
  author = {{MITRE Corporation}},
  title  = {{CWE-79: Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)}},
  year   = {2024},
  url    = {https://cwe.mitre.org/data/definitions/79.html},
  note   = {Abgerufen am 16.06.2026},
}

@misc{cwe200,
  author = {{MITRE Corporation}},
  title  = {{CWE-200: Exposure of Sensitive Information to an Unauthorized Actor}},
  year   = {2024},
  url    = {https://cwe.mitre.org/data/definitions/200.html},
  note   = {Abgerufen am 16.06.2026},
}

@misc{cwe269,
  author = {{MITRE Corporation}},
  title  = {{CWE-269: Improper Privilege Management}},
  year   = {2024},
  url    = {https://cwe.mitre.org/data/definitions/269.html},
  note   = {Abgerufen am 16.06.2026},
}

@misc{cwe284,
  author = {{MITRE Corporation}},
  title  = {{CWE-284: Improper Access Control}},
  year   = {2024},
  url    = {https://cwe.mitre.org/data/definitions/284.html},
  note   = {Abgerufen am 16.06.2026},
}

@misc{cwe311,
  author = {{MITRE Corporation}},
  title  = {{CWE-311: Missing Encryption of Sensitive Data}},
  year   = {2024},
  url    = {https://cwe.mitre.org/data/definitions/311.html},
  note   = {Abgerufen am 16.06.2026},
}

@misc{cwe345,
  author = {{MITRE Corporation}},
  title  = {{CWE-345: Insufficient Verification of Data Authenticity}},
  year   = {2024},
  url    = {https://cwe.mitre.org/data/definitions/345.html},
  note   = {Abgerufen am 16.06.2026},
}

@misc{cwe732,
  author = {{MITRE Corporation}},
  title  = {{CWE-732: Incorrect Permission Assignment for Critical Resource}},
  year   = {2024},
  url    = {https://cwe.mitre.org/data/definitions/732.html},
  note   = {Abgerufen am 16.06.2026},
}

@misc{cwe1357,
  author = {{MITRE Corporation}},
  title  = {{CWE-1357: Reliance on Insufficiently Trustworthy Component}},
  year   = {2024},
  url    = {https://cwe.mitre.org/data/definitions/1357.html},
  note   = {Abgerufen am 16.06.2026},
}
% -- MITRE ATT&CK: new tactics and techniques ----------------------------------
% Tactic pages (TA-numbers) come first, technique pages (T-numbers) after them.
@misc{ta0001,
  author = {{MITRE Corporation}},
  title  = {{TA0001: Initial Access}},
  year   = {2024},
  url    = {https://attack.mitre.org/tactics/TA0001/},
  note   = {Abgerufen am 16.06.2026},
}

@misc{ta0009,
  author = {{MITRE Corporation}},
  title  = {{TA0009: Collection}},
  year   = {2024},
  url    = {https://attack.mitre.org/tactics/TA0009/},
  note   = {Abgerufen am 16.06.2026},
}

@misc{ta0010,
  author = {{MITRE Corporation}},
  title  = {{TA0010: Exfiltration}},
  year   = {2024},
  url    = {https://attack.mitre.org/tactics/TA0010/},
  note   = {Abgerufen am 16.06.2026},
}

@misc{ta0011,
  author = {{MITRE Corporation}},
  title  = {{TA0011: Command and Control}},
  year   = {2024},
  url    = {https://attack.mitre.org/tactics/TA0011/},
  note   = {Abgerufen am 16.06.2026},
}

@misc{ta0040,
  author = {{MITRE Corporation}},
  title  = {{TA0040: Impact}},
  year   = {2024},
  url    = {https://attack.mitre.org/tactics/TA0040/},
  note   = {Abgerufen am 16.06.2026},
}

@misc{t1052,
  author = {{MITRE Corporation}},
  title  = {{T1052: Exfiltration Over Physical Medium}},
  year   = {2024},
  url    = {https://attack.mitre.org/techniques/T1052/},
  note   = {Abgerufen am 16.06.2026},
}

@misc{t1195,
  author = {{MITRE Corporation}},
  title  = {{T1195: Supply Chain Compromise}},
  year   = {2024},
  url    = {https://attack.mitre.org/techniques/T1195/},
  note   = {Abgerufen am 16.06.2026},
}

@misc{t1486,
  author = {{MITRE Corporation}},
  title  = {{T1486: Data Encrypted for Impact}},
  year   = {2024},
  url    = {https://attack.mitre.org/techniques/T1486/},
  note   = {Abgerufen am 16.06.2026},
}

@misc{t1491,
  author = {{MITRE Corporation}},
  title  = {{T1491: Defacement}},
  year   = {2024},
  url    = {https://attack.mitre.org/techniques/T1491/},
  note   = {Abgerufen am 16.06.2026},
}

@misc{t1499,
  author = {{MITRE Corporation}},
  title  = {{T1499: Endpoint Denial of Service}},
  year   = {2024},
  url    = {https://attack.mitre.org/techniques/T1499/},
  note   = {Abgerufen am 16.06.2026},
}

@misc{t1565,
  author = {{MITRE Corporation}},
  title  = {{T1565: Data Manipulation}},
  year   = {2024},
  url    = {https://attack.mitre.org/techniques/T1565/},
  note   = {Abgerufen am 16.06.2026},
}

@misc{t1567,
  author = {{MITRE Corporation}},
  title  = {{T1567: Exfiltration Over Web Service}},
  year   = {2024},
  url    = {https://attack.mitre.org/techniques/T1567/},
  note   = {Abgerufen am 16.06.2026},
}

@misc{t1583,
  author = {{MITRE Corporation}},
  title  = {{T1583: Acquire Infrastructure}},
  year   = {2024},
  url    = {https://attack.mitre.org/techniques/T1583/},
  note   = {Abgerufen am 16.06.2026},
}

@misc{t1591,
  author = {{MITRE Corporation}},
  title  = {{T1591: Gather Victim Org Information}},
  year   = {2024},
  url    = {https://attack.mitre.org/techniques/T1591/},
  note   = {Abgerufen am 16.06.2026},
}

@misc{t1593,
  author = {{MITRE Corporation}},
  title  = {{T1593: Search Open Websites/Domains}},
  year   = {2024},
  url    = {https://attack.mitre.org/techniques/T1593/},
  note   = {Abgerufen am 16.06.2026},
}

@misc{t1657,
  author = {{MITRE Corporation}},
  title  = {{T1657: Financial Theft}},
  year   = {2024},
  url    = {https://attack.mitre.org/techniques/T1657/},
  note   = {Abgerufen am 16.06.2026},
}
% -- MITRE D3FEND: defensive countermeasures -----------------------------------
% One entry per countermeasure; the key is the D3FEND identifier in lowercase
% without the hyphen.
@misc{d3anci,
  author = {{MITRE Corporation}},
  title  = {{D3-ANCI: Authentication Cache Invalidation}},
  year   = {2024},
  url    = {https://d3fend.mitre.org/technique/d3f:AuthenticationCacheInvalidation/},
  note   = {Abgerufen am 16.06.2026},
}

@misc{d3cf,
  author = {{MITRE Corporation}},
  title  = {{D3-CF: Content Filtering}},
  year   = {2024},
  url    = {https://d3fend.mitre.org/technique/d3f:ContentFiltering/},
  note   = {Abgerufen am 16.06.2026},
}

@misc{d3ch,
  author = {{MITRE Corporation}},
  title  = {{D3-CH: Credential Hardening}},
  year   = {2024},
  url    = {https://d3fend.mitre.org/technique/d3f:CredentialHardening/},
  note   = {Abgerufen am 16.06.2026},
}

@misc{d3cts,
  author = {{MITRE Corporation}},
  title  = {{D3-CTS: Credential Transmission Scoping}},
  year   = {2024},
  url    = {https://d3fend.mitre.org/technique/d3f:CredentialTransmissionScoping/},
  note   = {Abgerufen am 16.06.2026},
}

@misc{d3cv,
  author = {{MITRE Corporation}},
  title  = {{D3-CV: Content Validation}},
  year   = {2024},
  url    = {https://d3fend.mitre.org/technique/d3f:ContentValidation/},
  note   = {Abgerufen am 16.06.2026},
}

@misc{d3dqsa,
  author = {{MITRE Corporation}},
  title  = {{D3-DQSA: Database Query String Analysis}},
  year   = {2024},
  url    = {https://d3fend.mitre.org/technique/d3f:DatabaseQueryStringAnalysis/},
  note   = {Abgerufen am 16.06.2026},
}

@misc{d3ma,
  author = {{MITRE Corporation}},
  title  = {{D3-MA: Message Authentication}},
  year   = {2024},
  url    = {https://d3fend.mitre.org/technique/d3f:MessageAuthentication/},
  note   = {Abgerufen am 16.06.2026},
}

@misc{d3mfa,
  author = {{MITRE Corporation}},
  title  = {{D3-MFA: Multi-factor Authentication}},
  year   = {2024},
  url    = {https://d3fend.mitre.org/technique/d3f:Multi-factorAuthentication/},
  note   = {Abgerufen am 16.06.2026},
}

@misc{d3spp,
  author = {{MITRE Corporation}},
  title  = {{D3-SPP: Strong Password Policy}},
  year   = {2024},
  url    = {https://d3fend.mitre.org/technique/d3f:StrongPasswordPolicy/},
  note   = {Abgerufen am 16.06.2026},
}

@misc{d3cspp,
  author = {{MITRE Corporation}},
  title  = {{D3-CSPP: Client-Server Payload Profiling}},
  year   = {2024},
  url    = {https://d3fend.mitre.org/technique/d3f:Client-ServerPayloadProfiling/},
  note   = {Abgerufen am 16.06.2026},
}

@misc{d3mencr,
  author = {{MITRE Corporation}},
  title  = {{D3-MENCR: Message Encryption}},
  year   = {2024},
  url    = {https://d3fend.mitre.org/technique/d3f:MessageEncryption/},
  note   = {Abgerufen am 16.06.2026},
}

@misc{d3fe,
  author = {{MITRE Corporation}},
  title  = {{D3-FE: File Encryption}},
  year   = {2024},
  url    = {https://d3fend.mitre.org/technique/d3f:FileEncryption/},
  note   = {Abgerufen am 16.06.2026},
}

@misc{d3nta,
  author = {{MITRE Corporation}},
  title  = {{D3-NTA: Network Traffic Analysis}},
  year   = {2024},
  url    = {https://d3fend.mitre.org/technique/d3f:NetworkTrafficAnalysis/},
  note   = {Abgerufen am 16.06.2026},
}

@misc{d3dencr,
  author = {{MITRE Corporation}},
  title  = {{D3-DENCR: Disk Encryption}},
  year   = {2024},
  url    = {https://d3fend.mitre.org/technique/d3f:DiskEncryption/},
  note   = {Abgerufen am 16.06.2026},
}
% -- CWE: further entries (4a deep dive) ---------------------------------------
% Key is the CWE number; `note` records the access date.
@misc{cwe312,
  author = {{MITRE Corporation}},
  title  = {{CWE-312: Cleartext Storage of Sensitive Information}},
  year   = {2024},
  url    = {https://cwe.mitre.org/data/definitions/312.html},
  note   = {Abgerufen am 16.06.2026},
}

@misc{cwe668,
  author = {{MITRE Corporation}},
  title  = {{CWE-668: Exposure of Resource to Wrong Sphere}},
  year   = {2024},
  url    = {https://cwe.mitre.org/data/definitions/668.html},
  note   = {Abgerufen am 16.06.2026},
}

@misc{cwe1390,
  author = {{MITRE Corporation}},
  title  = {{CWE-1390: Weak Authentication}},
  year   = {2024},
  url    = {https://cwe.mitre.org/data/definitions/1390.html},
  note   = {Abgerufen am 16.06.2026},
}
% -- MITRE ATT&CK: further techniques (4a deep dive) ---------------------------
% Technique pages; `note` records the access date.
@misc{t1530,
  author = {{MITRE Corporation}},
  title  = {{T1530: Data from Cloud Storage}},
  year   = {2024},
  url    = {https://attack.mitre.org/techniques/T1530/},
  note   = {Abgerufen am 16.06.2026},
}

@misc{t1213,
  author = {{MITRE Corporation}},
  title  = {{T1213: Data from Information Repositories}},
  year   = {2024},
  url    = {https://attack.mitre.org/techniques/T1213/},
  note   = {Abgerufen am 16.06.2026},
}
% -- Miscellaneous -------------------------------------------------------------
% Vulnerability-disclosure framework page; `note` records the access date.
@misc{safe_harbor,
  author = {{Security Alliance}},
  title  = {{Coordinated Vulnerability Disclosure Safe Harbor Framework}},
  year   = {2024},
  url    = {https://frameworks.securityalliance.org/safe-harbor/overview/},
  note   = {Abgerufen am 16.06.2026},
}