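% Application-security reference list (books, OWASP material, vendor articles).
%
% Conventions used below:
%   - one entry per block, one field per line, brace-delimited values;
%   - personal names in "Last, First" form, separated by " and ";
%   - acronyms and proper nouns in titles are brace-protected so that styles
%     applying sentence case do not lowercase them;
%   - month uses the predefined three-letter macros, unquoted;
%   - entries without an author carry a "key" field (taken from the issuing
%     organisation already named in the entry) so that sorting and label
%     generation do not fall back to an empty string.
%
% NOTE(review): several URLs point at fixed revisions of the old OWASP wiki
% (index.php?title=...&oldid=...). Those links may no longer resolve; confirm
% each one and record the access date or an archived copy where needed.

% NOTE(review): the ISBN is reproduced as found and has only 12 digits; an
% ISBN-13 has 13, so verify it against the publisher record.
@book{wahh,
  author    = {Stuttard, Dafydd and Pinto, Marcus},
  title     = {The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws},
  edition   = {Second},
  publisher = {John Wiley \& Sons Inc},
  year      = {2011},
  isbn      = {978-111802647},
}

% NOTE(review): this cites the 2017 edition. OWASP has since published a newer
% Top 10 (2021); cite the edition that the text actually relies on.
@techreport{owasptop10,
  key         = {OWASP},
  title       = {{OWASP} Top 10 - 2017 (The Ten Most Critical Web Application Security Risks)},
  institution = {The OWASP Foundation},
  year        = {2017},
  url         = {https://www.owasp.org/images/7/72/OWASP_Top_10-2017_(en).pdf.pdf},
}

% "publisher" is not printed for misc entries by the standard styles; the
% hosting platform is carried in "howpublished" instead.
@misc{lyndaowasptop10,
  author       = {Wong, Caroline},
  title        = {Learning the {OWASP} Top 10},
  howpublished = {Lynda.com},
  year         = {2018},
  url          = {https://lynda.com/IT-Infrastructure-tutorials/Learning-OWASP-Top-10/642483-2.html},
}

@misc{cerntalk,
  author       = {Coates, Michael},
  title        = {Application Security - Understanding, Exploiting and Defending against Top Web Vulnerabilities},
  howpublished = {CernerEng},
  year         = {2014},
  url          = {https://youtu.be/sY7pUJU8a7U},
}

% NOTE(review): the URL path ends at /mobile and looks truncated; confirm it.
@article{mobappsec,
  author  = {Vonnegut, Sarah},
  title   = {Mobile Application Security: 15 Best Practices for App Developers},
  journal = {Checkmarx},
  month   = aug,
  year    = {2015},
  url     = {https://www.checkmarx.com/2015/08/19/mobile},
}

@techreport{sbd,
  key         = {OWASP},
  title       = {Security by Design Principles},
  institution = {The OWASP Foundation},
  year        = {2016},
  url         = {https://owasp.org/index.php?title=Security_by_Design_Principles&oldid=220008},
}

@techreport{sdl,
  key         = {Microsoft},
  title       = {Simplified Implementation of the {Microsoft} {SDL}},
  institution = {Microsoft Corporation},
  year        = {2010},
  url         = {https://microsoft.com/sdl},
}

% A techreport needs "institution"; the original "publisher" field would have
% been ignored, leaving the issuing organisation out of the reference.
% NOTE(review): the URL is a shortened link served over plain HTTP, so the
% destination is opaque to the reader and can be altered in transit. Resolve
% it once and cite the canonical HTTPS address.
@techreport{whatisappsec,
  key         = {Veracode},
  title       = {What is application security},
  institution = {Veracode},
  year        = {2015},
  url         = {http://vera.cd/1Qo7OHa},
}

@article{appsecimp,
  author  = {Francis, Melissa},
  title   = {The Importance of Application Security: A Few of the Benefits and Risks},
  journal = {Veracode},
  month   = jan,
  year    = {2017},
  url     = {https://www.veracode.com/blog/intro-appsec/importance-application-security-few-benefits-and-risks},
}

% The title was split across two physical lines in the original file.
@article{yahoobreaches,
  author  = {Stempel, Jonathan},
  title   = {Data breach victims can sue {Yahoo} in the {United States}: judge},
  journal = {Reuters},
  month   = mar,
  year    = {2018},
  url     = {https://www.reuters.com/article/us-verizon-yahoo-breach/data-breach-victims-can-sue-yahoo-in-the-united-states-judge-idUSKCN1GO1TL},
}

@article{iotsec,
  author  = {Froelings, Lisa},
  title   = {Cybersecurity Threats in the Age of {IoT}},
  journal = {CSO},
  month   = feb,
  year    = {2018},
  url     = {https://www.cso.com.au/article/632981/cybersecurity-threats-age-iot/},
}

@article{stolendata,
  key     = {Trend Micro},
  title   = {What do Hackers do with Your Stolen Identity?},
  journal = {Trend Micro},
  month   = jun,
  year    = {2017},
  url     = {https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/what-do-hackers-do-with-your-stolen-identity},
}

@techreport{sqlinjection,
  key         = {OWASP},
  title       = {{SQL} Injection},
  institution = {The OWASP Foundation},
  year        = {2016},
  url         = {https://www.owasp.org/index.php?title=SQL_Injection&oldid=212863},
}

@techreport{rfi,
  key         = {OWASP},
  title       = {Testing for Remote File Inclusion},
  institution = {The OWASP Foundation},
  year        = {2014},
  url         = {https://www.owasp.org/index.php?title=Testing_for_Remote_File_Inclusion&oldid=180313},
}

@techreport{cmdinjection,
  key         = {OWASP},
  title       = {Command Injection},
  institution = {The OWASP Foundation},
  year        = {2016},
  url         = {https://www.owasp.org/index.php?title=Command_Injection&oldid=220078},
}

@techreport{injectionprev,
  key         = {OWASP},
  title       = {{SQL} Injection Prevention Cheat Sheet},
  institution = {The OWASP Foundation},
  year        = {2018},
  url         = {https://www.owasp.org/index.php?title=SQL_Injection_Prevention_Cheat_Sheet&oldid=237384},
}

@techreport{xss,
  key         = {OWASP},
  title       = {Cross-site Scripting ({XSS})},
  institution = {The OWASP Foundation},
  year        = {2018},
  url         = {https://www.owasp.org/index.php?title=Cross-site_Scripting_(XSS)&oldid=238389},
}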