meirjann/uni-sose26-sm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
faa69fc0b3e9aaca38f8dd20274080a3dbdc5dfd
uni-sose26-sm/abgaben/referenzen.bib
T
Jannik Meier faa69fc0b3 fix: ambiguous symbols
2026-06-16 20:35:42 +02:00

543 lines
19 KiB
BibTeX
Raw Blame History

% Referenzen für 4ca - Bedrohungsmodellierung / OWASP
@misc{owasp_top10_2021,
author = {{OWASP Foundation}},
title = {{OWASP Top 10:2021}},
year = {2021},
url = {https://owasp.org/Top10/},
note = {Abgerufen am 09.06.2026}
}
@misc{owasp_asvs,
author = {{OWASP Foundation}},
title = {{Application Security Verification Standard (ASVS) v4.0.3}},
year = {2021},
url = {https://owasp.org/www-project-application-security-verification-standard/},
note = {Abgerufen am 09.06.2026}
}
@misc{owasp_risk_rating,
author = {{OWASP Foundation}},
title = {{OWASP Risk Rating Methodology}},
year = {2021},
url = {https://owasp.org/www-community/OWASP_Risk_Rating_Methodology},
note = {Abgerufen am 09.06.2026}
}
@misc{cwe_mitre,
author = {{MITRE Corporation}},
title = {{Common Weakness Enumeration (CWE)}},
year = {2024},
url = {https://cwe.mitre.org/},
note = {Abgerufen am 09.06.2026}
}
@misc{mitre_attack,
author = {{MITRE Corporation}},
title = {{MITRE ATT\&CK Enterprise Matrix}},
year = {2024},
url = {https://attack.mitre.org/},
note = {Abgerufen am 09.06.2026}
}
@techreport{nist_sp800_53,
author = {{National Institute of Standards and Technology}},
title = {{Security and Privacy Controls for Information Systems and Organizations (SP 800-53 Rev. 5)}},
institution = {NIST},
year = {2020},
number = {SP 800-53 Rev. 5},
doi = {10.6028/NIST.SP.800-53r5}
}
@techreport{bsi_app31,
author = {{Bundesamt für Sicherheit in der Informationstechnik}},
title = {{IT-Grundschutz-Baustein APP.3.1: Webanwendungen und Webservices}},
institution = {BSI},
year = {2023},
url = {https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Grundschutz/Kompendium/IT_Grundschutz_Kompendium_Edition2023.pdf}
}
@techreport{nist_pqc_2024,
author = {{National Institute of Standards and Technology}},
title = {{Post-Quantum Cryptography Standards: FIPS 203 (ML-KEM), FIPS 204 (ML-DSA), FIPS 205 (SLH-DSA)}},
institution = {NIST},
year = {2024},
url = {https://csrc.nist.gov/projects/post-quantum-cryptography/post-quantum-cryptography-standardization}
}
@misc{spycloud_2024,
author = {{SpyCloud}},
title = {{Annual Identity Exposure Report 2024}},
year = {2024},
url = {https://spycloud.com/resource/2024-annual-identity-exposure-report/},
note = {Abgerufen am 09.06.2026}
}
@misc{mandiant_mtrends_2024,
author = {{Mandiant}},
title = {{M-Trends 2024: Special Report}},
year = {2024},
url = {https://www.mandiant.com/m-trends},
note = {Abgerufen am 09.06.2026}
}
@misc{uber_breach_2022,
author = {{Uber Technologies}},
title = {{Security Update -- September 2022}},
year = {2022},
url = {https://www.uber.com/newsroom/security-update/},
note = {Abgerufen am 09.06.2026}
}
@misc{capitalone_breach_2019,
author = {Krebs, Brian},
title = {{Capital One Data Theft Impacts 106M People}},
howpublished = {KrebsOnSecurity},
year = {2019},
url = {https://krebsonsecurity.com/2019/07/capital-one-data-theft-impacts-106m-people/},
note = {Abgerufen am 09.06.2026}
}
@misc{twitter_plaintext_2018,
author = {{Twitter}},
title = {{Keeping your account secure}},
year = {2018},
url = {https://blog.twitter.com/en_us/topics/company/2018/keeping-your-account-secure},
note = {Abgerufen am 09.06.2026}
}
@misc{cve_log4shell,
author = {{MITRE Corporation}},
title = {{CVE-2021-44228: Apache Log4j2 Remote Code Execution (Log4Shell)}},
year = {2021},
url = {https://nvd.nist.gov/vuln/detail/CVE-2021-44228},
note = {National Vulnerability Database}
}
@misc{cve_spring4shell,
author = {{MITRE Corporation}},
title = {{CVE-2022-22965: Spring Framework Remote Code Execution (Spring4Shell)}},
year = {2022},
url = {https://nvd.nist.gov/vuln/detail/CVE-2022-22965},
note = {National Vulnerability Database}
}
@misc{cve_confluence_2022,
author = {{MITRE Corporation}},
title = {{CVE-2022-26134: Confluence Server OGNL Injection}},
year = {2022},
url = {https://nvd.nist.gov/vuln/detail/CVE-2022-26134},
note = {National Vulnerability Database}
}
@misc{cve_freak,
author = {{MITRE Corporation}},
title = {{CVE-2015-0204: FREAK - Factoring RSA Export Keys}},
year = {2015},
url = {https://nvd.nist.gov/vuln/detail/CVE-2015-0204},
note = {National Vulnerability Database}
}
@misc{cve_logjam,
author = {{MITRE Corporation}},
title = {{CVE-2015-4000: Logjam TLS Downgrade Attack}},
year = {2015},
url = {https://nvd.nist.gov/vuln/detail/CVE-2015-4000},
note = {National Vulnerability Database}
}
@misc{cve_crime,
author = {{MITRE Corporation}},
title = {{CVE-2012-4929: CRIME -- Compression Ratio Info-leak Made Easy}},
year = {2012},
url = {https://nvd.nist.gov/vuln/detail/CVE-2012-4929},
note = {National Vulnerability Database}
}
@misc{cve_jackson_2017,
author = {{MITRE Corporation}},
title = {{CVE-2017-7525: Jackson-databind Deserialization Vulnerability}},
year = {2017},
url = {https://nvd.nist.gov/vuln/detail/CVE-2017-7525},
note = {National Vulnerability Database}
}
@misc{cve_jquery_2019,
author = {{MITRE Corporation}},
title = {{CVE-2019-11358: jQuery Prototype Pollution}},
year = {2019},
url = {https://nvd.nist.gov/vuln/detail/CVE-2019-11358},
note = {National Vulnerability Database}
}
@misc{cve_dompurify_2020,
author = {{MITRE Corporation}},
title = {{CVE-2020-26870: DOMPurify Mutation XSS Bypass}},
year = {2020},
url = {https://nvd.nist.gov/vuln/detail/CVE-2020-26870},
note = {National Vulnerability Database}
}
@misc{cve_exchange_2020,
author = {{MITRE Corporation}},
title = {{CVE-2020-0688: Microsoft Exchange Server Remote Code Execution}},
year = {2020},
url = {https://nvd.nist.gov/vuln/detail/CVE-2020-0688},
note = {National Vulnerability Database}
}
@misc{iso_27001,
author = {{International Organization for Standardization}},
title = {{ISO/IEC 27001:2022 -- Information Security Management Systems}},
year = {2022},
url = {https://www.iso.org/standard/82875.html}
}
@misc{nis2_directive,
author = {{Europäisches Parlament und Rat der Europäischen Union}},
title = {{Richtlinie (EU) 2022/2555 über Maßnahmen für ein hohes gemeinsames Cybersicherheitsniveau in der Union (NIS2)}},
year = {2022},
url = {https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=CELEX:32022L2555}
}
@misc{dsgvo_art32,
author = {{Europäisches Parlament und Rat der Europäischen Union}},
title = {{Verordnung (EU) 2016/679 -- Datenschutz-Grundverordnung (DSGVO), Art. 32}},
year = {2016},
url = {https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=CELEX:32016R0679}
}
@misc{fido2_webauthn,
author = {{W3C and FIDO Alliance}},
title = {{Web Authentication (WebAuthn) Level 2}},
year = {2021},
url = {https://www.w3.org/TR/webauthn-2/},
note = {W3C Recommendation}
}
@article{bell_lapadula,
author = {Bell, D. E. and LaPadula, L. J.},
title = {{Secure Computer Systems: Mathematical Foundations}},
journal = {MITRE Technical Report MTR-2547},
year = {1973},
institution = {The MITRE Corporation}
}
@misc{akamai_soti_2024,
author = {{Akamai Technologies}},
title = {{State of the Internet / Security: Credential Stuffing Report}},
year = {2024},
url = {https://www.akamai.com/resources/state-of-the-internet/soti-security},
note = {Abgerufen am 09.06.2026}
}
@misc{hibp,
author = {Hunt, Troy},
title = {{Have I Been Pwned -- Check if your email has been compromised}},
year = {2013},
url = {https://haveibeenpwned.com/},
note = {Abgerufen am 09.06.2026}
}
@techreport{rfc9106_argon2,
author = {Biryukov, Alex and Dinu, Daniel and Khovratovich, Dmitry and Josefsson, Simon},
title = {{Argon2 Memory-Hard Function for Password Hashing and Proof-of-Work Applications (RFC 9106)}},
institution = {IETF},
year = {2021},
number = {RFC 9106},
doi = {10.17487/RFC9106}
}
@misc{owasp_sqli_cheatsheet,
author = {{OWASP Foundation}},
title = {{SQL Injection Prevention Cheat Sheet}},
year = {2024},
url = {https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html},
note = {Abgerufen am 09.06.2026}
}
@misc{owasp_csrf_cheatsheet,
author = {{OWASP Foundation}},
title = {{Cross-Site Request Forgery Prevention Cheat Sheet}},
year = {2024},
url = {https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html},
note = {Abgerufen am 09.06.2026}
}
@misc{doyensec_2023,
author = {{Doyensec}},
title = {{Threat Intelligence Platform Security Assessment -- Findings Summary}},
year = {2023},
note = {Interner Penetrationstest-Bericht; nicht öffentlich zugänglich}
}
@misc{cve_jenkins_2017,
author = {{MITRE Corporation}},
title = {{CVE-2017-1000353: Jenkins Remote Code Execution via Unsafe Deserialization}},
year = {2017},
url = {https://nvd.nist.gov/vuln/detail/CVE-2017-1000353},
note = {National Vulnerability Database}
}
@misc{trusted_types_w3c,
author = {{W3C}},
title = {{Trusted Types -- W3C Working Draft}},
year = {2024},
url = {https://w3c.github.io/trusted-types/dist/spec/},
note = {Abgerufen am 09.06.2026}
}
% ── Neue Quellen (3b-Vertiefung) ────────────────────────────────────────────
@misc{bsi_grundschutz_online_kurs,
author = {{Bundesamt für Sicherheit in der Informationstechnik}},
title = {{Online-Kurs IT-Grundschutz -- Lektion 1: Einführung}},
year = {2024},
url = {https://www.bsi.bund.de/DE/Themen/Unternehmen-und-Organisationen/Standards-und-Zertifizierung/IT-Grundschutz/Zertifizierte-Informationssicherheit/IT-Grundschutzschulung/Online-Kurs-IT-Grundschutz/online-kurs-it-grundschutz_node.html},
note = {Abgerufen am 09.06.2026}
}
@misc{bsi_standards,
author = {{Bundesamt für Sicherheit in der Informationstechnik}},
title = {{BSI-Standards zur Informationssicherheit}},
year = {2024},
url = {https://www.bsi.bund.de/DE/Themen/Unternehmen-und-Organisationen/Standards-und-Zertifizierung/IT-Grundschutz/BSI-Standards/bsi-standards_node.html},
note = {Abgerufen am 09.06.2026}
}
@techreport{bsi_200_2,
author = {{Bundesamt für Sicherheit in der Informationstechnik}},
title = {{BSI-Standard 200-2: IT-Grundschutz-Methodik}},
institution = {BSI},
year = {2017},
url = {https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Grundschutz/BSI_Standards/standard_200_2.pdf}
}
@techreport{bsi_200_3,
author = {{Bundesamt für Sicherheit in der Informationstechnik}},
title = {{BSI-Standard 200-3: Risikoanalyse auf der Basis von IT-Grundschutz}},
institution = {BSI},
year = {2017},
url = {https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Grundschutz/BSI_Standards/standard_200_3.pdf}
}
@misc{bdsg_2018,
author = {{Bundesrepublik Deutschland}},
title = {{Bundesdatenschutzgesetz (BDSG) in der Fassung vom 30.06.2017}},
year = {2017},
url = {https://www.gesetze-im-internet.de/bdsg_2018/},
note = {BGBl. I S. 2097}
}
@techreport{iso_31000,
author = {{International Organization for Standardization}},
title = {{ISO 31000:2018 -- Risk Management: Guidelines}},
institution = {ISO},
year = {2018},
number = {ISO 31000:2018},
url = {https://www.iso.org/standard/65694.html}
}
@misc{iec_62443,
author = {{International Electrotechnical Commission}},
title = {{IEC 62443: Security for Industrial Automation and Control Systems}},
year = {2023},
url = {https://www.iec.ch/iecnorm/4716/}
}
@misc{iec_61508,
author = {{International Electrotechnical Commission}},
title = {{IEC 61508: Functional Safety of E/E/PE Safety-Related Systems}},
year = {2010},
url = {https://www.iec.ch/functionalsafety/}
}
@misc{eu_cra,
author = {{Europäisches Parlament und Rat der Europäischen Union}},
title = {{Verordnung (EU) 2024/2847 -- Cyber Resilience Act (CRA)}},
year = {2024},
url = {https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=CELEX:32024R2847}
}
@misc{mitre_capec,
author = {{MITRE Corporation}},
title = {{Common Attack Pattern Enumeration and Classification (CAPEC)}},
year = {2024},
url = {https://capec.mitre.org/},
note = {Abgerufen am 09.06.2026}
}
@misc{enisa_threat_landscape,
author = {{European Union Agency for Cybersecurity (ENISA)}},
title = {{ENISA Threat Landscape 2024}},
year = {2024},
url = {https://www.enisa.europa.eu/publications/enisa-threat-landscape-2024},
note = {Abgerufen am 09.06.2026}
}
% ── CWE - Common Weakness Enumeration ───────────────────────────────────────
@misc{cwe20,
author = {{MITRE Corporation}},
title = {{CWE-20: Improper Input Validation}},
year = {2024},
url = {https://cwe.mitre.org/data/definitions/20.html},
note = {Abgerufen am 16.06.2026}
}
@misc{cwe89,
author = {{MITRE Corporation}},
title = {{CWE-89: Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)}},
year = {2024},
url = {https://cwe.mitre.org/data/definitions/89.html},
note = {Abgerufen am 16.06.2026}
}
@misc{cwe287,
author = {{MITRE Corporation}},
title = {{CWE-287: Improper Authentication}},
year = {2024},
url = {https://cwe.mitre.org/data/definitions/287.html},
note = {Abgerufen am 16.06.2026}
}
@misc{cwe307,
author = {{MITRE Corporation}},
title = {{CWE-307: Improper Restriction of Excessive Authentication Attempts}},
year = {2024},
url = {https://cwe.mitre.org/data/definitions/307.html},
note = {Abgerufen am 16.06.2026}
}
@misc{cwe502,
author = {{MITRE Corporation}},
title = {{CWE-502: Deserialization of Untrusted Data}},
year = {2024},
url = {https://cwe.mitre.org/data/definitions/502.html},
note = {Abgerufen am 16.06.2026}
}
@misc{cwe521,
author = {{MITRE Corporation}},
title = {{CWE-521: Weak Password Requirements}},
year = {2024},
url = {https://cwe.mitre.org/data/definitions/521.html},
note = {Abgerufen am 16.06.2026}
}
@misc{cwe611,
author = {{MITRE Corporation}},
title = {{CWE-611: Improper Restriction of XML External Entity Reference}},
year = {2024},
url = {https://cwe.mitre.org/data/definitions/611.html},
note = {Abgerufen am 16.06.2026}
}
% ── MITRE ATT&CK - Offensive Taktiken ───────────────────────────────────────
@misc{t1059,
author = {{MITRE Corporation}},
title = {{T1059: Command and Scripting Interpreter}},
year = {2024},
url = {https://attack.mitre.org/techniques/T1059/},
note = {Abgerufen am 16.06.2026}
}
@misc{t1078,
author = {{MITRE Corporation}},
title = {{T1078: Valid Accounts}},
year = {2024},
url = {https://attack.mitre.org/techniques/T1078/},
note = {Abgerufen am 16.06.2026}
}
@misc{t1110004,
author = {{MITRE Corporation}},
title = {{T1110.004: Brute Force -- Credential Stuffing}},
year = {2024},
url = {https://attack.mitre.org/techniques/T1110/004/},
note = {Abgerufen am 16.06.2026}
}
@misc{t1190,
author = {{MITRE Corporation}},
title = {{T1190: Exploit Public-Facing Application}},
year = {2024},
url = {https://attack.mitre.org/techniques/T1190/},
note = {Abgerufen am 16.06.2026}
}
% ── MITRE D3FEND - Defensive Gegenmaßnahmen ─────────────────────────────────
@misc{d3anci,
author = {{MITRE Corporation}},
title = {{D3-ANCI: Authentication Cache Invalidation}},
year = {2024},
url = {https://d3fend.mitre.org/technique/d3f:AuthenticationCacheInvalidation/},
note = {Abgerufen am 16.06.2026}
}
@misc{d3cf,
author = {{MITRE Corporation}},
title = {{D3-CF: Content Filtering}},
year = {2024},
url = {https://d3fend.mitre.org/technique/d3f:ContentFiltering/},
note = {Abgerufen am 16.06.2026}
}
@misc{d3ch,
author = {{MITRE Corporation}},
title = {{D3-CH: Credential Hardening}},
year = {2024},
url = {https://d3fend.mitre.org/technique/d3f:CredentialHardening/},
note = {Abgerufen am 16.06.2026}
}
@misc{d3cts,
author = {{MITRE Corporation}},
title = {{D3-CTS: Credential Transmission Scoping}},
year = {2024},
url = {https://d3fend.mitre.org/technique/d3f:CredentialTransmissionScoping/},
note = {Abgerufen am 16.06.2026}
}
@misc{d3cv,
author = {{MITRE Corporation}},
title = {{D3-CV: Content Validation}},
year = {2024},
url = {https://d3fend.mitre.org/technique/d3f:ContentValidation/},
note = {Abgerufen am 16.06.2026}
}
@misc{d3dqsa,
author = {{MITRE Corporation}},
title = {{D3-DQSA: Database Query String Analysis}},
year = {2024},
url = {https://d3fend.mitre.org/technique/d3f:DatabaseQueryStringAnalysis/},
note = {Abgerufen am 16.06.2026}
}
@misc{d3ma,
author = {{MITRE Corporation}},
title = {{D3-MA: Message Authentication}},
year = {2024},
url = {https://d3fend.mitre.org/technique/d3f:MessageAuthentication/},
note = {Abgerufen am 16.06.2026}
}
@misc{d3mfa,
author = {{MITRE Corporation}},
title = {{D3-MFA: Multi-factor Authentication}},
year = {2024},
url = {https://d3fend.mitre.org/technique/d3f:Multi-factorAuthentication/},
note = {Abgerufen am 16.06.2026}
}
@misc{d3spp,
author = {{MITRE Corporation}},
title = {{D3-SPP: Strong Password Policy}},
year = {2024},
url = {https://d3fend.mitre.org/technique/d3f:StrongPasswordPolicy/},
note = {Abgerufen am 16.06.2026}
}
Reference in New Issue View Git Blame Copy Permalink