| ||
"Buffer Underruns, DEP, ASLR and Improving the Exploitation Prevention Mechanisms (XPMs) on the Windows Platform." September 30, 2005. http://www.ngssoftware.com/papers/xpms.pdf
"CERT Advisory CA-2001-19 'Code Red' Worm Exploiting Buffer Overflow in IIS Indexing Service DLL." http://www.cert.org/advisories/CA-2001-19.html
"Exploiting Format String Vulnerabilities." scut@teso.org. http://doc.bughunter.net/format-string/exploit-fs.html
"Format String Attack." Web Application Security Consortium. http://www.webappsec.org/projects/threat/classes/format_string_attack.shtml
"Format String Problem." OWASP. http://www.owasp.org/index.php/Format_string_problem
Bishop, Matt and David Bailey. "A Critical Analysis of Vulnerability Taxonomies." CSE-96-11, September 1996. http://seclab.cs.ucdavis.edu/projects/vulnerabilities/scriv/ucd-ecs-96-11.pdf
blexim. " Basic Integer Overflows ." Phrack . Issue 60, Chapter 10. http://www.phrack.org/archives/60/p60-0x0a.txt
Christey, Steve. "Off-by-One Errors: A Brief Explanation." Secprog and SC-L mailing list posts, May 5, 2004
Flake, Halvar. "Third Generation Exploits." Presentation at Black Hat Europe 2001. http://www.blackhat.com/presentations/bh-europe-01/halvar-flake/bh-europe-01-halvarfl ake.ppt
Franz, Matt. "Fuzzing wiki." http://www.scadasec.net/secwiki/FuzzingTools
Howard, Michael. "Reviewing Code for Integer Manipulation Vulnerabilities." http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dncode/html/secure04102003.asp
Howard, Michael. "When Scrubbing Secrets in Memory Doesn't Work." Bugtraq, November 5, 2002. http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dncode/html/secure10102002.asp
McGraw, Gary and Greg Hoglund. Exploiting Software: How to Break Code . Boston: Addison Wesley, 2004
Newsham, Tim. "Format String Attacks." Guardent. September 2000. http://www.lava.net/~newsham/format-string-attacks.pdf
PLOVER. Mitre. http://www.cve.mitre.org/docs/plover/
Wagner, Joseph. "GNU GCC: Optimizer Removes Code Necessary for Security." Bugtraq, November 16, 2002. http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2002-11/0257.html