1065:
2677:
2539:
1115:(CVSS). CVSS evaluates the possibility to exploit the vulnerability and compromise data confidentiality, availability, and integrity. It also considers how the vulnerability could be used and how complex an exploit would need to be. The amount of access needed for exploitation and whether it could take place without user interaction are also factored in to the overall score.
981:
an identified vulnerability and whether it is cost effective to do so. Although attention to security can reduce the risk of attack, achieving perfect security for a complex system is impossible, and many security measures have unacceptable cost or usability downsides. For example, reducing the complexity and functionality of the system is effective at reducing the
696:, a development workflow that emphasizes automated testing and deployment to speed up the deployment of new features, often requires that many developers be granted access to change configurations, which can lead to deliberate or inadvertent inclusion of vulnerabilities. Compartmentalizing dependencies, which is often part of DevOps workflows, can reduce the
682:. This can lead to unintended vulnerabilities. The more complex the system is, the easier it is for vulnerabilities to go undetected. Some vulnerabilities are deliberately planted, which could be for any reason from a disgruntled employee selling access to hackers, to sophisticated state-sponsored schemes to introduce vulnerabilities to software. Inadequate
1089:
the patch to confirm functionality and compatibility. Larger organizations may fail to identify and patch all dependencies, while smaller enterprises and personal users may not install patches. Research suggests that risk of cyberattack increases if the vulnerability is made publicly known or a patch
571:
or otherwise) is associated with an increased risk of compromise because attackers often move faster than patches are rolled out. Regardless of whether a patch is ever released to remediate the vulnerability, its lifecycle will eventually end when the system, or older versions of it, fall out of use.
980:
There is little evidence about the effectiveness and cost-effectiveness of different cyberattack prevention measures. Although estimating the risk of an attack is not straightforward, the mean time to breach and expected cost can be considered to determine the priority for remediating or mitigating
1077:(United States, United Kingdom, Canada, Australia, and New Zealand) captured the plurality of the market and other significant purchasers included Russia, India, Brazil, Malaysia, Singapore, North Korea, and Iran. Organized criminal groups also buy vulnerabilities, although they typically prefer
1072:
The vulnerability lifecycle begins when vulnerabilities are introduced into hardware or software. Detection of vulnerabilities can be by the software vendor, or by a third party. In the latter case, it is considered most ethical to immediately disclose the vulnerability to the vendor so it can be
1055:
attempts to enter the system via an exploit to see if the system is insecure. If a penetration test fails, it does not necessarily mean that the system is secure. Some penetration tests can be conducted with automated software that tests against existing exploits for known vulnerabilities. Other
1022:
Vulnerabilities can only be exploited when they are active-the software in which they are embedded is actively running on the system. Before the code containing the vulnerability is configured to run on the system, it is considered a carrier. Dormant vulnerabilities can run, but are not currently
677:
practices can affect the risk of vulnerabilities being introduced to a code base. Lack of knowledge about secure software development or excessive pressure to deliver features quickly can lead to avoidable vulnerabilities to enter production code, especially if security is not prioritized by the
542:
Despite intentions to achieve complete correctness, virtually all hardware and software contains bugs where the system does not behave as expected. If the bug could enable an attacker to compromise the confidentiality, integrity, or availability of system resources, it is called a vulnerability.
1135:
to those who report vulnerabilities to them. Not all companies respond positively to disclosures, as they can cause legal liability and operational overhead. There is no law requiring disclosure of vulnerabilities. If a vulnerability is discovered by a third party that does not disclose to the
554:
is a process that includes identifying systems and prioritizing which are most important, scanning for vulnerabilities, and taking action to secure the system. Vulnerability management typically is a combination of remediation (fixing the vulnerability), mitigation (increasing the difficulty or
786:
not to behave as expected under certain specific circumstances. Testing for security bugs in hardware is quite difficult due to limited time and the complexity of twenty-first century chips, while the globalization of design and manufacturing has increased the opportunity for these bugs to be
566:
A vulnerability is initiated when it is introduced into hardware or software. It becomes active and exploitable when the software or hardware containing the vulnerability is running. The vulnerability may be discovered by the vendor or a third party. Disclosing the vulnerability (as a
1084:
Even vulnerabilities that are publicly known or patched are often exploitable for an extended period. Security patches can take months to develop, or may never be developed. A patch can have negative effects on the functionality of software and users may need to
1014:
are typically unable to detect zero-day vulnerabilities, but are more effective at finding known vulnerabilities based on a database. These systems can find some known vulnerabilities and advise fixes, such as a patch. However, they have limitations including
993:
strategy is used for multiple barriers to attack. Some organizations scan for only the highest-risk vulnerabilities as this enables prioritization in the context of lacking the resources to fix every vulnerability. Increasing expenses is likely to have
1097:
Vulnerabilities become deprecated when the software or vulnerable versions fall out of use. This can take an extended period of time; in particular, industrial software may not be feasible to replace even if the manufacturer stops supporting it.
988:
Successful vulnerability management usually involves a combination of remediation (closing a vulnerability), mitigation (increasing the difficulty, and reducing the consequences, of exploits), and accepting some residual risk. Often a
1023:
running. Software containing dormant and carrier vulnerabilities can sometimes be uninstalled or disabled, removing the risk. Active vulnerabilities, if distinguished from the other types, can be prioritized for patching.
1184:
The software vendor is usually not legally liable for the cost if a vulnerability is used in an attack, which creates an incentive to make cheaper but less secure software. Some companies are covered by laws, such as
547:
practices as well as design factors such as complexity can increase the burden of vulnerabilities. There are different types most common in different components such as hardware, operating systems, and applications.
1131:, or coordinated disclosure). The former approach is praised for its transparency, but the drawback is that the risk of attack is likely to be increased after disclosure with no patch available. Some vendors pay
2208:
Agrafiotis, Ioannis; Nurse, Jason R C; Goldsmith, Michael; Creese, Sadie; Upton, David (2018). "A taxonomy of cyber-harms: Defining the impacts of cyber-attacks and understanding how they propagate".
755:
comes into existence when configuration settings cause risks to the system security, leading to such faults as unpatched software or file system permissions that do not sufficiently restrict access.
915:
is insufficient to reject the injected code. XSS can be persistent, when attackers save the malware in a data field and run it when the data is loaded; it can also be loaded using a malicious
600:
by malicious actors, and the actual risk is dependent on the nature of the vulnerability as well as the value of the surrounding system. Although some vulnerabilities can only be used for
643:
Familiarity: Using common, well-known code, software, operating systems, and/or hardware increases the probability an attacker has or can find the knowledge and tools to exploit the flaw.
1073:
fixed. Government or intelligence agencies buy vulnerabilities that have not been publicly disclosed and may use them in an attack, stockpile them, or notify the vendor. As of 2013, the
802:
1043:
is a common strategy for reducing the harm that a cyberattack can cause. If a patch for third-party software is unavailable, it may be possible to temporarily disable the software.
1011:
958:
829:
and allow anyone to contribute, which could enable the introduction of vulnerabilities. However, the same vulnerabilities also occur in proprietary operating systems such as
752:
848:
are downloaded onto the end user's computers and are typically updated less frequently than web applications. Unlike web applications, they interact directly with a user's
1031:
Vulnerability mitigation is measures that do not close the vulnerability, but make it more difficult to exploit or reduce the consequences of an attack. Reducing the
1040:
555:
reducing the danger of exploits), and accepting risks that are not economical or practical to eliminate. Vulnerabilities can be scored for risk according to the
704:
is used, rather than the organization's own hardware and software, the organization is dependent on the cloud services provider to prevent vulnerabilities.
859:
243:
1186:
2571:
748:
When the system fails to handle and exceptional or unanticipated condition correctly, an attacker can exploit the situation to gain access.
1056:
penetration tests are conducted by trained hackers. Many companies prefer to contract out this work as it simulates an outsider attack.
2543:
523:
762:—when timing or other external factors change the outcome and lead to inconsistent or unpredictable results—can cause a vulnerability.
3115:
2049:
559:
or other systems, and added to vulnerability databases. As of 2023, there are more than 20 million vulnerabilities catalogued in the
2494:
The
Vulnerability Researcher's Handbook: A comprehensive guide to discovering, reporting, and publishing security vulnerabilities
616:, which is necessary for more severe attacks. Without a vulnerability, the exploit cannot gain access. It is also possible for
17:
3092:
2520:
2501:
2482:
2463:
2444:
2425:
2406:
2387:
2368:
2349:
2330:
2311:
2287:
2268:
2249:
2198:
1335:
1156:. As of 2023, it has over 20 million entries. This information is shared into other databases, including the United States'
596:) as well as those that have not been patched are still liable for exploitation. Vulnerabilities vary in their ability to be
353:
2298:
2185:
3154:
1149:
1128:
955:
is similar to CSRF, but the request is forged from the server side and often exploits the enhanced privilege of the server.
560:
3123:
2054:
1161:
1124:
1112:
687:
556:
2564:
47:
3055:
878:
run on many websites. Because they are inherently less secure than other applications, they are a leading source of
2851:
3105:
1157:
834:
713:
64:
1094:
the patch to find the underlying vulnerability and develop exploits, often faster than users install the patch.
949:(CSRF) is creating client requests that do malicious actions, such as an attacker changing a user's credentials.
856:
Unencrypted data that is in permanent storage or sent over a network is relatively easy for attackers to steal.
516:
741:
vulnerabilities enable an attacker to access a system that is supposed to be restricted to them, or engage in
2918:
2557:
2380:
This Is How They Tell Me the World Ends: Winner of the FT & McKinsey
Business Book of the Year Award 2021
2321:
Linkov, Igor; Kott, Alexander (2019). "Fundamental
Concepts of Cyber Resilience: Introduction and Overview".
621:
456:
253:
136:
126:
3159:
163:
151:
3110:
3031:
2831:
1169:
1165:
952:
597:
238:
3087:
3045:
2701:
946:
822:
475:
213:
3164:
2948:
2666:
2280:
Asset Attack
Vectors: Building Effective Vulnerability Management Strategies to Protect Organizations
1111:
A commonly used scale for assessing the severity of vulnerabilities is the open-source specification
720:
509:
258:
2933:
2811:
2706:
1361:
975:
882:
and other security incidents. Common types of vulnerabilities found in these applications include:
551:
434:
393:
363:
313:
3021:
2973:
2636:
2187:
Zero Days, Thousands of Nights: The Life and Times of Zero-Day
Vulnerabilities and Their Exploits
845:
637:
173:
580:
Despite developers' goal of delivering a product that works entirely as intended, virtually all
3149:
1356:
1137:
428:
3062:
2796:
1173:
777:
701:
796:
3082:
2994:
2943:
2888:
2756:
2729:
2711:
2609:
2580:
896:
810:
742:
674:
647:
613:
593:
544:
446:
388:
308:
2676:
8:
2866:
2641:
2599:
995:
920:
423:
248:
158:
3050:
2978:
2883:
1176:
products. Submitting a CVE is voluntary for companies that discovered a vulnerability.
783:
782:
Deliberate security bugs can be introduced during or after manufacturing and cause the
728:
716:
classifies vulnerabilities into eight root causes that may be overlapping, including:
3098:
2856:
2791:
2741:
2688:
2646:
2594:
2516:
2497:
2478:
2459:
2440:
2421:
2402:
2383:
2364:
2345:
2326:
2307:
2283:
2264:
2245:
2225:
2194:
1331:
1153:
936:
830:
601:
592:
are often released to fix identified vulnerabilities, but those that remain unknown (
418:
381:
348:
939:
is a form of code injection where the attacker places the malware in data fields or
893:
failures enable attackers to access data that should be restricted to trusted users.
646:
Connectivity: any system connected to the internet can be accessed and compromised.
636:
Complexity: Large, complex systems increase the probability of flaws and unintended
632:
Fundamental design factors that can increase the burden of vulnerabilities include:
612:), without the user being aware of it. Only a minority of vulnerabilities allow for
3067:
3007:
2771:
2761:
2656:
2399:
Trusted
Digital Circuits: Hardware Trojan Vulnerabilities, Prevention and Detection
2217:
1091:
1086:
1052:
990:
930:
875:
863:
849:
806:
690:
tools that can be used as part of code reviews and may find some vulnerabilities.
398:
99:
1626:
2958:
2938:
2836:
2661:
2651:
1673:
724:
679:
657:
653:
178:
69:
38:
1039:(administrator) access, and closing off opportunities for exploits to engage in
624:
or implants the malware in legitimate software that is downloaded deliberately.
588:
contains bugs. If a bug creates a security risk, it is called a vulnerability.
539:
are flaws in a computer system that weaken the overall security of the system.
3128:
3026:
2876:
2826:
2801:
2766:
2746:
2626:
2614:
2342:
Practical
Vulnerability Management: A Strategic Approach to Managing Cyber Risk
1194:
1032:
1016:
1007:
982:
962:
912:
900:
886:
813:
bugs that enable the attacker to gain more access than they should be allowed.
759:
738:
732:
697:
605:
589:
568:
487:
318:
271:
201:
82:
59:
2456:
Why Don't We Defend Better?: Data
Breaches, Risk Management, and Public Policy
660:
is at increased risk, but upgrading often is prohibitive in terms of cost and
3143:
3038:
2999:
2968:
2963:
2816:
2806:
2776:
2229:
1657:
926:
890:
581:
323:
218:
115:
2221:
3072:
2928:
2631:
2475:
Targeted Cyber
Attacks: Multi-staged Attacks Driven by Exploits and Malware
2237:
1355:. The COAST Laboratory Department of Computer Sciences, Purdue University.
585:
411:
278:
231:
86:
1140:, often considered the most dangerous type because fewer defenses exist.
650:
is one truly effective measure against attacks, but it is rarely feasible.
3012:
2846:
2821:
2786:
2621:
1078:
1064:
879:
826:
814:
683:
481:
368:
105:
919:
link (reflected XSS). Attackers can also insert malicious code into the
837:. All reputable vendors of operating systems provide patches regularly.
735:
is not sufficient to prevent the attacker from injecting malicious code.
3077:
2893:
2841:
2724:
2604:
2549:
1132:
904:
338:
333:
110:
2953:
2908:
2903:
2751:
2719:
1074:
1036:
358:
208:
188:
93:
54:
1984:
1982:
1172:. CVE and other databases typically do not track vulnerabilities in
961:
occurs when programmers do not consider unexpected cases arising in
2913:
2871:
2734:
1123:
Someone who discovers a vulnerability may disclose it immediately (
661:
620:
to be installed directly, without an exploit, if the attacker uses
452:
183:
131:
1912:
2923:
2898:
2861:
1979:
940:
908:
707:
617:
609:
440:
328:
303:
296:
168:
2261:
Mobile OS Vulnerabilities: Quantitative and
Qualitative Analysis
1647:
1645:
1006:
Remediation fixes vulnerabilities, for example by downloading a
2781:
2696:
2538:
1701:
1441:
1259:
693:
494:
343:
283:
121:
2300:
The Defender’s Dilemma: Charting a Course Toward Cybersecurity
2149:
2112:
2110:
2083:
1967:
1888:
2030:
1839:
1837:
1786:
1764:
1762:
1747:
1720:
1718:
1716:
1642:
1197:, that place legal requirements on vulnerability management.
1190:
818:
2437:
Introduction to Cybersecurity: A Multidisciplinary Challenge
1521:
1487:
1485:
1483:
1470:
1468:
1453:
1307:
1235:
943:. The attacker might be able to take over the entire server.
2161:
2107:
1945:
1943:
1941:
1939:
1581:
1429:
1417:
1405:
1381:
1330:. Morgan Kaufmann Publications. Elsevier Inc. p. 393.
2071:
1849:
1834:
1822:
1774:
1759:
1713:
1271:
1225:
1223:
1221:
700:
by paring down dependencies to only what is necessary. If
1480:
1465:
1295:
916:
1936:
1924:
1283:
1101:
852:. Common vulnerabilities in these applications include:
1900:
1878:
1876:
1810:
1798:
1689:
1614:
1604:
1602:
1600:
1598:
1596:
1571:
1569:
1567:
1565:
1552:
1550:
1548:
1369:
1326:
Kakareka, Almantas (2009). "23". In Vacca, John (ed.).
1218:
1206:
1160:, where each vulnerability is given a risk score using
2297:
Libicki, Martin C.; Ablon, Lillian; Webb, Tim (2015).
2139:
2137:
1737:
1735:
1733:
1247:
2511:
Tjoa, Simon; Gafić, Melisa; Kieseberg, Peter (2024).
2018:
1509:
2325:. Springer International Publishing. pp. 1–25.
2122:
2095:
2006:
1994:
1955:
1873:
1861:
1593:
1562:
1545:
1533:
1497:
1393:
2418:
PCI DSS: An Integrated Data Security Standard Guide
2134:
1730:
604:attacks, more dangerous ones allow the attacker to
2207:
1632:
3141:
2296:
2242:Big Breaches: Cybersecurity Lessons for Everyone
2089:
1988:
1973:
1918:
1894:
1148:The most commonly used vulnerability dataset is
2236:
1265:
1241:
862:occurs when an attacker takes over an existing
766:
708:National Vulnerability Database classification
2565:
840:
517:
2358:
2277:
2167:
2116:
2077:
2036:
1855:
1843:
1828:
1792:
1780:
1768:
1753:
1724:
1707:
1651:
1587:
1447:
1435:
1423:
1411:
1387:
1313:
1301:
1289:
1277:
1127:) or wait until a patch has been developed (
1035:, particularly for parts of the system with
686:can lead to missed bugs, but there are also
2510:
2453:
2258:
2183:
2155:
2050:"Ask an Ethicist: Vulnerability Disclosure"
1930:
1679:
1663:
1527:
1491:
1474:
1459:
1229:
1212:
2572:
2558:
2472:
2454:Sloan, Robert H.; Warner, Richard (2019).
2320:
1949:
1375:
1328:Computer and Information Security Handbook
1143:
1059:
524:
510:
3116:Security information and event management
2339:
1816:
1804:
1695:
1360:
27:Exploitable weakness in a computer system
2579:
2377:
2323:Cyber Resilience of Systems and Networks
1906:
1325:
1063:
2396:
2278:Haber, Morey J.; Hibbert, Brad (2018).
1515:
1503:
1319:
648:Disconnecting systems from the internet
14:
3142:
2491:
2473:Sood, Aditya; Enbody, Richard (2014).
2415:
2143:
2128:
2101:
2024:
2012:
2000:
1961:
1882:
1867:
1741:
1620:
1608:
1575:
1556:
1399:
1253:
668:
3093:Host-based intrusion detection system
2553:
2434:
2259:Garg, Shivi; Baliyan, Niyati (2023).
2184:Ablon, Lillian; Bogart, Andy (2017).
1539:
1350:
1136:vendor or the public, it is called a
1102:Assessment, disclosure, and inventory
1150:Common Vulnerabilities and Exposures
933:to gain unauthorized access to data.
561:Common Vulnerabilities and Exposures
3124:Runtime application self-protection
2057:'s Committee on Professional Ethics
2055:Association for Computing Machinery
1162:Common Vulnerability Scoring System
1113:Common Vulnerability Scoring System
870:
790:
557:Common Vulnerability Scoring System
244:forensics-focused operating systems
24:
2675:
2361:Zero Day: The Threat In Cyberspace
25:
3176:
3056:Security-focused operating system
2531:
627:
2852:Insecure direct object reference
2537:
1090:is released. Cybercriminals can
803:operating system vulnerabilities
797:Operating system § Security
787:introduced by malicious actors.
3106:Information security management
2042:
1344:
1158:National Vulnerability Database
1012:Software vulnerability scanners
929:and similar attacks manipulate
714:National Vulnerability Database
608:and run their own code (called
65:Hacking of consumer electronics
2090:Libicki, Ablon & Webb 2015
1989:Libicki, Ablon & Webb 2015
1974:Libicki, Ablon & Webb 2015
1919:Libicki, Ablon & Webb 2015
1895:Libicki, Ablon & Webb 2015
1353:Technical Report CSD-TR-97-026
1351:Krsul, Ivan (April 15, 1997).
1001:
13:
1:
2513:Cyber Resilience Fundamentals
1200:
1118:
1106:
1026:
969:
731:) vulnerabilities occur when
1179:
959:Business logic vulnerability
809:in use, a common problem is
767:Vulnerabilities by component
753:configuration vulnerability
164:Chaos Communication Congress
7:
3155:Hacking (computer security)
3111:Information risk management
3032:Multi-factor authentication
2588:Related security categories
1266:Daswani & Elbayadi 2021
1242:Daswani & Elbayadi 2021
1170:Common Weakness Enumeration
1166:Common Platform Enumeration
953:Server-side request forgery
899:(XSS) enables attackers to
771:
10:
3181:
3088:Intrusion detection system
3046:Computer security software
2702:Advanced persistent threat
2340:Magnusson, Andrew (2020).
2240:; Elbayadi, Moudy (2021).
2176:
1046:
973:
947:Cross-site request forgery
846:Client–server applications
841:Client–server applications
817:operating systems such as
794:
775:
476:2600: The Hacker Quarterly
214:List of computer criminals
2987:
2687:
2673:
2667:Digital rights management
2587:
2544:Vulnerability (computing)
2492:Strout, Benjamin (2023).
2382:. Bloomsbury Publishing.
2378:Perlroth, Nicole (2021).
2359:O'Harrow, Robert (2013).
825:have a freely accessible
575:
2812:Denial-of-service attack
2707:Arbitrary code execution
2397:Salmani, Hassan (2018).
2210:Journal of Cybersecurity
2168:Haber & Hibbert 2018
2117:Haber & Hibbert 2018
2037:Haber & Hibbert 2018
1856:Haber & Hibbert 2018
1844:Haber & Hibbert 2018
1829:Haber & Hibbert 2018
1793:Haber & Hibbert 2018
1781:Haber & Hibbert 2018
1769:Haber & Hibbert 2018
1754:Haber & Hibbert 2018
1725:Haber & Hibbert 2018
1708:Haber & Hibbert 2018
1652:Haber & Hibbert 2018
1588:Haber & Hibbert 2018
1448:Haber & Hibbert 2018
1436:Haber & Hibbert 2018
1424:Haber & Hibbert 2018
1412:Haber & Hibbert 2018
1388:Haber & Hibbert 2018
1314:Haber & Hibbert 2018
1302:Haber & Hibbert 2018
1290:Haber & Hibbert 2018
1278:Haber & Hibbert 2018
976:Vulnerability management
552:Vulnerability management
394:Cloud computing security
3022:Computer access control
2974:Rogue security software
2637:Electromagnetic warfare
2156:Sloan & Warner 2019
1931:Ablon & Bogart 2017
1528:Garg & Baliyan 2023
1492:Garg & Baliyan 2023
1475:Garg & Baliyan 2023
1460:Garg & Baliyan 2023
1230:Ablon & Bogart 2017
1213:Ablon & Bogart 2017
1144:Vulnerability inventory
1060:Vulnerability lifecycle
835:Apple operating systems
174:Hackers on Planet Earth
3068:Obfuscation (software)
2797:Browser Helper Objects
2681:
1950:Sood & Enbody 2014
1376:Linkov & Kott 2019
1138:zero-day vulnerability
1129:responsible disclosure
1069:
1068:Vulnerability timeline
1041:privilege exploitation
805:vary depending on the
429:Homebrew Computer Club
18:Software vulnerability
3063:Data-centric security
2944:Remote access trojans
2679:
2435:Sharp, Robin (2024).
2222:10.1093/cybsec/tyy006
1174:software as a service
1152:(CVE), maintained by
1067:
778:Hardware security bug
702:software as a service
2995:Application security
2889:Privilege escalation
2757:Cross-site scripting
2610:Cybersex trafficking
2581:Information security
2546:at Wikimedia Commons
2496:. Packt Publishing.
2416:Seaman, Jim (2020).
2306:. Rand Corporation.
2193:. Rand Corporation.
897:Cross-site scripting
811:privilege escalation
743:privilege escalation
688:static code analysis
675:software development
614:privilege escalation
545:software development
447:Masters of Deception
389:Application security
3160:Security compliance
2642:Information warfare
2600:Automotive security
2515:. Springer Nature.
2439:. Springer Nature.
2363:. Diversion Books.
2344:. No Starch Press.
2158:, pp. 104–105.
1710:, pp. 166–167.
1450:, pp. 135–137.
996:diminishing returns
921:domain object model
669:Development factors
424:Chaos Computer Club
159:Black Hat Briefings
33:Part of a series on
3051:Antivirus software
2919:Social engineering
2884:Polymorphic engine
2837:Fraudulent dialers
2742:Hardware backdoors
2682:
1921:, pp. 44, 46.
1686:, pp. 68, 70.
1168:(CPE) scheme, and
1070:
784:integrated circuit
729:boundary condition
622:social engineering
254:Social engineering
3137:
3136:
3099:Anomaly detection
3004:Secure by default
2857:Keystroke loggers
2792:Drive-by download
2680:vectorial version
2647:Internet security
2595:Computer security
2542:Media related to
2522:978-3-031-52064-8
2503:978-1-80324-356-6
2484:978-0-12-800619-1
2465:978-1-351-12729-5
2446:978-3-031-41463-3
2427:978-1-4842-5808-8
2408:978-3-319-79081-7
2389:978-1-5266-2983-8
2370:978-1-938120-76-3
2351:978-1-59327-989-9
2332:978-3-319-77492-3
2313:978-0-8330-8911-3
2289:978-1-4842-3627-7
2270:978-1-000-92451-0
2251:978-1-4842-6654-0
2200:978-0-8330-9761-3
2039:, pp. 73–74.
1991:, pp. 49–50.
1795:, pp. 84–85.
1756:, pp. 12–13.
1654:, pp. 97–98.
1623:, pp. 14–15.
1530:, pp. 20–25.
1462:, pp. 17–18.
1337:978-0-12-374354-1
1316:, pp. 13–14.
1268:, pp. 26–27.
1256:, pp. 47–48.
1154:Mitre Corporation
937:Command injection
860:Process hijacking
831:Microsoft Windows
602:denial of service
534:
533:
382:Computer security
349:Keystroke logging
16:(Redirected from
3172:
3165:Software testing
3008:Secure by design
2939:Hardware Trojans
2772:History sniffing
2762:Cross-site leaks
2657:Network security
2574:
2567:
2560:
2551:
2550:
2541:
2526:
2507:
2488:
2469:
2450:
2431:
2412:
2393:
2374:
2355:
2336:
2317:
2305:
2293:
2274:
2255:
2233:
2204:
2192:
2171:
2165:
2159:
2153:
2147:
2141:
2132:
2126:
2120:
2114:
2105:
2099:
2093:
2087:
2081:
2075:
2069:
2068:
2066:
2064:
2046:
2040:
2034:
2028:
2022:
2016:
2010:
2004:
1998:
1992:
1986:
1977:
1971:
1965:
1959:
1953:
1947:
1934:
1928:
1922:
1916:
1910:
1904:
1898:
1892:
1886:
1880:
1871:
1865:
1859:
1853:
1847:
1841:
1832:
1826:
1820:
1814:
1808:
1802:
1796:
1790:
1784:
1778:
1772:
1766:
1757:
1751:
1745:
1739:
1728:
1722:
1711:
1705:
1699:
1693:
1687:
1677:
1671:
1661:
1655:
1649:
1640:
1630:
1624:
1618:
1612:
1606:
1591:
1585:
1579:
1573:
1560:
1554:
1543:
1537:
1531:
1525:
1519:
1513:
1507:
1501:
1495:
1489:
1478:
1472:
1463:
1457:
1451:
1445:
1439:
1433:
1427:
1421:
1415:
1409:
1403:
1397:
1391:
1385:
1379:
1373:
1367:
1366:
1364:
1348:
1342:
1341:
1323:
1317:
1311:
1305:
1299:
1293:
1287:
1281:
1275:
1269:
1263:
1257:
1251:
1245:
1239:
1233:
1227:
1216:
1210:
1092:reverse engineer
1053:penetration test
991:defense in depth
931:database queries
876:Web applications
871:Web applications
864:computer process
850:operating system
807:operating system
791:Operating system
721:Input validation
590:Software patches
563:(CVE) database.
526:
519:
512:
399:Network security
100:Hacker Manifesto
39:Computer hacking
30:
29:
21:
3180:
3179:
3175:
3174:
3173:
3171:
3170:
3169:
3140:
3139:
3138:
3133:
2983:
2683:
2671:
2662:Copy protection
2652:Mobile security
2583:
2578:
2534:
2529:
2523:
2504:
2485:
2466:
2447:
2428:
2409:
2390:
2371:
2352:
2333:
2314:
2303:
2290:
2271:
2252:
2201:
2190:
2179:
2174:
2166:
2162:
2154:
2150:
2142:
2135:
2127:
2123:
2115:
2108:
2100:
2096:
2088:
2084:
2076:
2072:
2062:
2060:
2048:
2047:
2043:
2035:
2031:
2027:, pp. 5–6.
2023:
2019:
2011:
2007:
1999:
1995:
1987:
1980:
1972:
1968:
1960:
1956:
1948:
1937:
1929:
1925:
1917:
1913:
1905:
1901:
1893:
1889:
1881:
1874:
1866:
1862:
1854:
1850:
1842:
1835:
1827:
1823:
1815:
1811:
1803:
1799:
1791:
1787:
1779:
1775:
1767:
1760:
1752:
1748:
1740:
1731:
1723:
1714:
1706:
1702:
1694:
1690:
1678:
1674:
1662:
1658:
1650:
1643:
1631:
1627:
1619:
1615:
1607:
1594:
1586:
1582:
1574:
1563:
1555:
1546:
1538:
1534:
1526:
1522:
1514:
1510:
1502:
1498:
1490:
1481:
1473:
1466:
1458:
1454:
1446:
1442:
1434:
1430:
1422:
1418:
1410:
1406:
1398:
1394:
1386:
1382:
1374:
1370:
1349:
1345:
1338:
1324:
1320:
1312:
1308:
1300:
1296:
1288:
1284:
1280:, pp. 5–6.
1276:
1272:
1264:
1260:
1252:
1248:
1240:
1236:
1228:
1219:
1211:
1207:
1203:
1182:
1146:
1125:full disclosure
1121:
1109:
1104:
1062:
1049:
1029:
1017:false positives
1004:
978:
972:
873:
843:
799:
793:
780:
774:
769:
725:buffer overflow
710:
680:company culture
671:
654:Legacy software
630:
578:
537:Vulnerabilities
530:
501:
500:
470:
462:
461:
414:
404:
403:
384:
374:
373:
299:
289:
288:
274:
264:
263:
234:
224:
223:
204:
194:
193:
179:Security BSides
154:
144:
143:
89:
75:
74:
70:List of hackers
50:
28:
23:
22:
15:
12:
11:
5:
3178:
3168:
3167:
3162:
3157:
3152:
3135:
3134:
3132:
3131:
3129:Site isolation
3126:
3121:
3120:
3119:
3113:
3103:
3102:
3101:
3096:
3085:
3080:
3075:
3070:
3065:
3060:
3059:
3058:
3053:
3043:
3042:
3041:
3036:
3035:
3034:
3027:Authentication
3019:
3018:
3017:
3016:
3015:
3005:
3002:
2991:
2989:
2985:
2984:
2982:
2981:
2976:
2971:
2966:
2961:
2956:
2951:
2946:
2941:
2936:
2931:
2926:
2921:
2916:
2911:
2906:
2901:
2896:
2891:
2886:
2881:
2880:
2879:
2869:
2864:
2859:
2854:
2849:
2844:
2839:
2834:
2829:
2827:Email spoofing
2824:
2819:
2814:
2809:
2804:
2799:
2794:
2789:
2784:
2779:
2774:
2769:
2767:DOM clobbering
2764:
2759:
2754:
2749:
2747:Code injection
2744:
2739:
2738:
2737:
2732:
2727:
2722:
2714:
2709:
2704:
2699:
2693:
2691:
2685:
2684:
2674:
2672:
2670:
2669:
2664:
2659:
2654:
2649:
2644:
2639:
2634:
2629:
2627:Cyberterrorism
2624:
2619:
2618:
2617:
2615:Computer fraud
2612:
2602:
2597:
2591:
2589:
2585:
2584:
2577:
2576:
2569:
2562:
2554:
2548:
2547:
2533:
2532:External links
2530:
2528:
2527:
2521:
2508:
2502:
2489:
2483:
2470:
2464:
2451:
2445:
2432:
2426:
2413:
2407:
2394:
2388:
2375:
2369:
2356:
2350:
2337:
2331:
2318:
2312:
2294:
2288:
2275:
2269:
2256:
2250:
2234:
2205:
2199:
2180:
2178:
2175:
2173:
2172:
2170:, p. 111.
2160:
2148:
2133:
2121:
2119:, p. 110.
2106:
2094:
2082:
2070:
2059:. 17 July 2018
2041:
2029:
2017:
2005:
1993:
1978:
1966:
1954:
1935:
1923:
1911:
1909:, p. 145.
1899:
1887:
1872:
1860:
1848:
1833:
1821:
1817:Magnusson 2020
1809:
1805:Magnusson 2020
1797:
1785:
1773:
1758:
1746:
1729:
1712:
1700:
1696:Magnusson 2020
1688:
1672:
1656:
1641:
1625:
1613:
1592:
1590:, p. 129.
1580:
1561:
1544:
1542:, p. 271.
1532:
1520:
1508:
1496:
1479:
1464:
1452:
1440:
1438:, p. 142.
1428:
1426:, p. 141.
1416:
1414:, p. 143.
1404:
1392:
1390:, p. 155.
1380:
1368:
1362:10.1.1.26.5435
1343:
1336:
1318:
1306:
1294:
1282:
1270:
1258:
1246:
1234:
1217:
1204:
1202:
1199:
1195:Sarbanes-Oxley
1181:
1178:
1145:
1142:
1120:
1117:
1108:
1105:
1103:
1100:
1061:
1058:
1048:
1045:
1033:attack surface
1028:
1025:
1008:software patch
1003:
1000:
983:attack surface
974:Main article:
971:
968:
967:
966:
963:business logic
956:
950:
944:
934:
924:
913:input checking
894:
887:Authentication
872:
869:
868:
867:
857:
842:
839:
792:
789:
776:Main article:
773:
770:
768:
765:
764:
763:
760:race condition
756:
749:
746:
739:Access control
736:
733:input checking
709:
706:
698:attack surface
670:
667:
666:
665:
651:
644:
641:
629:
628:Design factors
626:
577:
574:
532:
531:
529:
528:
521:
514:
506:
503:
502:
499:
498:
491:
488:Nuts and Volts
484:
479:
471:
468:
467:
464:
463:
460:
459:
450:
444:
438:
435:Legion of Doom
432:
426:
421:
415:
410:
409:
406:
405:
402:
401:
396:
391:
385:
380:
379:
376:
375:
372:
371:
366:
361:
356:
351:
346:
341:
336:
331:
326:
321:
316:
311:
306:
300:
295:
294:
291:
290:
287:
286:
281:
275:
272:Practice sites
270:
269:
266:
265:
262:
261:
256:
251:
246:
241:
235:
230:
229:
226:
225:
222:
221:
216:
211:
205:
202:Computer crime
200:
199:
196:
195:
192:
191:
186:
181:
176:
171:
166:
161:
155:
150:
149:
146:
145:
142:
141:
140:
139:
134:
129:
118:
113:
108:
103:
96:
90:
83:Hacker culture
81:
80:
77:
76:
73:
72:
67:
62:
60:Cryptovirology
57:
51:
46:
45:
42:
41:
35:
34:
26:
9:
6:
4:
3:
2:
3177:
3166:
3163:
3161:
3158:
3156:
3153:
3151:
3150:Vulnerability
3148:
3147:
3145:
3130:
3127:
3125:
3122:
3117:
3114:
3112:
3109:
3108:
3107:
3104:
3100:
3097:
3094:
3091:
3090:
3089:
3086:
3084:
3081:
3079:
3076:
3074:
3071:
3069:
3066:
3064:
3061:
3057:
3054:
3052:
3049:
3048:
3047:
3044:
3040:
3039:Authorization
3037:
3033:
3030:
3029:
3028:
3025:
3024:
3023:
3020:
3014:
3011:
3010:
3009:
3006:
3003:
3001:
3000:Secure coding
2998:
2997:
2996:
2993:
2992:
2990:
2986:
2980:
2977:
2975:
2972:
2970:
2969:SQL injection
2967:
2965:
2962:
2960:
2957:
2955:
2952:
2950:
2949:Vulnerability
2947:
2945:
2942:
2940:
2937:
2935:
2934:Trojan horses
2932:
2930:
2929:Software bugs
2927:
2925:
2922:
2920:
2917:
2915:
2912:
2910:
2907:
2905:
2902:
2900:
2897:
2895:
2892:
2890:
2887:
2885:
2882:
2878:
2875:
2874:
2873:
2870:
2868:
2865:
2863:
2860:
2858:
2855:
2853:
2850:
2848:
2845:
2843:
2840:
2838:
2835:
2833:
2830:
2828:
2825:
2823:
2820:
2818:
2817:Eavesdropping
2815:
2813:
2810:
2808:
2807:Data scraping
2805:
2803:
2800:
2798:
2795:
2793:
2790:
2788:
2785:
2783:
2780:
2778:
2777:Cryptojacking
2775:
2773:
2770:
2768:
2765:
2763:
2760:
2758:
2755:
2753:
2750:
2748:
2745:
2743:
2740:
2736:
2733:
2731:
2728:
2726:
2723:
2721:
2718:
2717:
2715:
2713:
2710:
2708:
2705:
2703:
2700:
2698:
2695:
2694:
2692:
2690:
2686:
2678:
2668:
2665:
2663:
2660:
2658:
2655:
2653:
2650:
2648:
2645:
2643:
2640:
2638:
2635:
2633:
2630:
2628:
2625:
2623:
2620:
2616:
2613:
2611:
2608:
2607:
2606:
2603:
2601:
2598:
2596:
2593:
2592:
2590:
2586:
2582:
2575:
2570:
2568:
2563:
2561:
2556:
2555:
2552:
2545:
2540:
2536:
2535:
2524:
2518:
2514:
2509:
2505:
2499:
2495:
2490:
2486:
2480:
2476:
2471:
2467:
2461:
2458:. CRC Press.
2457:
2452:
2448:
2442:
2438:
2433:
2429:
2423:
2419:
2414:
2410:
2404:
2400:
2395:
2391:
2385:
2381:
2376:
2372:
2366:
2362:
2357:
2353:
2347:
2343:
2338:
2334:
2328:
2324:
2319:
2315:
2309:
2302:
2301:
2295:
2291:
2285:
2281:
2276:
2272:
2266:
2263:. CRC Press.
2262:
2257:
2253:
2247:
2243:
2239:
2238:Daswani, Neil
2235:
2231:
2227:
2223:
2219:
2215:
2211:
2206:
2202:
2196:
2189:
2188:
2182:
2181:
2169:
2164:
2157:
2152:
2145:
2140:
2138:
2131:, p. 22.
2130:
2125:
2118:
2113:
2111:
2104:, p. 36.
2103:
2098:
2092:, p. 45.
2091:
2086:
2080:, p. 18.
2079:
2078:O'Harrow 2013
2074:
2058:
2056:
2051:
2045:
2038:
2033:
2026:
2021:
2015:, p. 19.
2014:
2009:
2003:, p. 28.
2002:
1997:
1990:
1985:
1983:
1976:, p. 50.
1975:
1970:
1964:, p. 26.
1963:
1958:
1952:, p. 42.
1951:
1946:
1944:
1942:
1940:
1932:
1927:
1920:
1915:
1908:
1907:Perlroth 2021
1903:
1897:, p. 44.
1896:
1891:
1885:, p. 18.
1884:
1879:
1877:
1870:, p. 16.
1869:
1864:
1858:, p. 94.
1857:
1852:
1846:, p. 96.
1845:
1840:
1838:
1831:, p. 93.
1830:
1825:
1819:, p. 33.
1818:
1813:
1807:, p. 32.
1806:
1801:
1794:
1789:
1783:, p. 85.
1782:
1777:
1771:, p. 84.
1770:
1765:
1763:
1755:
1750:
1743:
1738:
1736:
1734:
1727:, p. 11.
1726:
1721:
1719:
1717:
1709:
1704:
1698:, p. 34.
1697:
1692:
1685:
1683:
1676:
1670:, p. 63.
1669:
1667:
1660:
1653:
1648:
1646:
1638:
1636:
1629:
1622:
1617:
1611:, p. 14.
1610:
1605:
1603:
1601:
1599:
1597:
1589:
1584:
1578:, p. 13.
1577:
1572:
1570:
1568:
1566:
1559:, p. 15.
1558:
1553:
1551:
1549:
1541:
1536:
1529:
1524:
1518:, p. 11.
1517:
1512:
1505:
1500:
1494:, p. 18.
1493:
1488:
1486:
1484:
1477:, p. 17.
1476:
1471:
1469:
1461:
1456:
1449:
1444:
1437:
1432:
1425:
1420:
1413:
1408:
1402:, p. 17.
1401:
1396:
1389:
1384:
1377:
1372:
1363:
1358:
1354:
1347:
1339:
1333:
1329:
1322:
1315:
1310:
1304:, p. 10.
1303:
1298:
1291:
1286:
1279:
1274:
1267:
1262:
1255:
1250:
1244:, p. 25.
1243:
1238:
1231:
1226:
1224:
1222:
1214:
1209:
1205:
1198:
1196:
1192:
1188:
1177:
1175:
1171:
1167:
1163:
1159:
1155:
1151:
1141:
1139:
1134:
1130:
1126:
1116:
1114:
1099:
1095:
1093:
1088:
1082:
1080:
1076:
1066:
1057:
1054:
1044:
1042:
1038:
1034:
1024:
1020:
1018:
1013:
1009:
999:
997:
992:
986:
984:
977:
964:
960:
957:
954:
951:
948:
945:
942:
938:
935:
932:
928:
927:SQL injection
925:
922:
918:
914:
910:
906:
902:
898:
895:
892:
891:authorization
888:
885:
884:
883:
881:
880:data breaches
877:
865:
861:
858:
855:
854:
853:
851:
847:
838:
836:
832:
828:
824:
820:
816:
812:
808:
804:
798:
788:
785:
779:
761:
757:
754:
750:
747:
744:
740:
737:
734:
730:
726:
722:
719:
718:
717:
715:
705:
703:
699:
695:
691:
689:
685:
681:
676:
663:
659:
655:
652:
649:
645:
642:
639:
638:access points
635:
634:
633:
625:
623:
619:
615:
611:
607:
603:
599:
595:
591:
587:
583:
573:
570:
564:
562:
558:
553:
549:
546:
540:
538:
527:
522:
520:
515:
513:
508:
507:
505:
504:
497:
496:
492:
490:
489:
485:
483:
480:
478:
477:
473:
472:
466:
465:
458:
454:
451:
448:
445:
442:
439:
436:
433:
430:
427:
425:
422:
420:
417:
416:
413:
408:
407:
400:
397:
395:
392:
390:
387:
386:
383:
378:
377:
370:
367:
365:
362:
360:
357:
355:
352:
350:
347:
345:
342:
340:
337:
335:
332:
330:
327:
325:
322:
320:
317:
315:
312:
310:
307:
305:
302:
301:
298:
293:
292:
285:
282:
280:
277:
276:
273:
268:
267:
260:
259:Vulnerability
257:
255:
252:
250:
247:
245:
242:
240:
237:
236:
233:
232:Hacking tools
228:
227:
220:
219:Script kiddie
217:
215:
212:
210:
207:
206:
203:
198:
197:
190:
187:
185:
182:
180:
177:
175:
172:
170:
167:
165:
162:
160:
157:
156:
153:
148:
147:
138:
135:
133:
130:
128:
125:
124:
123:
119:
117:
116:Maker culture
114:
112:
109:
107:
104:
102:
101:
97:
95:
92:
91:
88:
84:
79:
78:
71:
68:
66:
63:
61:
58:
56:
53:
52:
49:
44:
43:
40:
37:
36:
32:
31:
19:
3073:Data masking
2632:Cyberwarfare
2512:
2493:
2477:. Syngress.
2474:
2455:
2436:
2417:
2401:. Springer.
2398:
2379:
2360:
2341:
2322:
2299:
2279:
2260:
2241:
2213:
2209:
2186:
2163:
2151:
2146:, p. 6.
2124:
2097:
2085:
2073:
2061:. Retrieved
2053:
2044:
2032:
2020:
2008:
1996:
1969:
1957:
1933:, p. 8.
1926:
1914:
1902:
1890:
1863:
1851:
1824:
1812:
1800:
1788:
1776:
1749:
1744:, p. 8.
1703:
1691:
1681:
1675:
1665:
1659:
1639:, p. 2.
1634:
1628:
1616:
1583:
1535:
1523:
1516:Salmani 2018
1511:
1506:, p. 1.
1504:Salmani 2018
1499:
1455:
1443:
1431:
1419:
1407:
1395:
1383:
1378:, p. 2.
1371:
1352:
1346:
1327:
1321:
1309:
1297:
1292:, p. 6.
1285:
1273:
1261:
1249:
1237:
1232:, p. 2.
1215:, p. 1.
1208:
1183:
1147:
1133:bug bounties
1122:
1110:
1096:
1083:
1079:exploit kits
1071:
1050:
1030:
1021:
1005:
987:
979:
874:
844:
800:
781:
711:
692:
684:code reviews
672:
631:
579:
565:
550:
541:
536:
535:
493:
486:
474:
469:Publications
314:Trojan horse
279:HackThisSite
98:
3013:Misuse case
2847:Infostealer
2822:Email fraud
2787:Data breach
2622:Cybergeddon
2144:Strout 2023
2129:Strout 2023
2102:Strout 2023
2025:Strout 2023
2013:Strout 2023
2001:Strout 2023
1962:Strout 2023
1883:Strout 2023
1868:Strout 2023
1742:Strout 2023
1633:Agrafiotis
1621:Strout 2023
1609:Strout 2023
1576:Strout 2023
1557:Strout 2023
1400:Strout 2023
1254:Seaman 2020
1002:Remediation
827:source code
815:Open-source
723:(including
482:Hacker News
369:Infostealer
152:Conferences
106:Hackerspace
3144:Categories
3078:Encryption
2954:Web shells
2894:Ransomware
2842:Hacktivism
2605:Cybercrime
2420:. Apress.
2282:. Apress.
2244:. Apress.
1540:Sharp 2024
1201:References
1119:Disclosure
1107:Assessment
1027:Mitigation
970:Management
905:JavaScript
795:See also:
339:Logic bomb
334:Ransomware
111:Hacktivism
2909:Shellcode
2904:Scareware
2752:Crimeware
2712:Backdoors
2230:2057-2085
1357:CiteSeerX
1180:Liability
1075:Five Eyes
941:processes
801:Although
598:exploited
594:zero days
543:Insecure
457:Blue team
449:(defunct)
443:(defunct)
437:(defunct)
431:(defunct)
419:Anonymous
359:Web shell
209:Crimeware
189:Summercon
137:White hat
127:Black hat
120:Types of
94:Hackathon
55:Phreaking
3083:Firewall
2988:Defenses
2914:Spamming
2899:Rootkits
2872:Phishing
2832:Exploits
1164:(CVSS),
903:and run
772:Hardware
662:downtime
658:hardware
586:hardware
582:software
453:Red team
309:Backdoor
184:ShmooCon
132:Grey hat
2924:Spyware
2867:Payload
2862:Malware
2802:Viruses
2782:Botnets
2689:Threats
2177:Sources
1047:Testing
909:malware
907:-based
823:Android
618:malware
610:malware
441:LulzSec
329:Spyware
304:Rootkit
297:Malware
249:Payload
239:Exploit
169:DEF CON
122:hackers
48:History
3118:(SIEM)
3095:(HIDS)
2979:Zombie
2716:Bombs
2697:Adware
2519:
2500:
2481:
2462:
2443:
2424:
2405:
2386:
2367:
2348:
2329:
2310:
2286:
2267:
2248:
2228:
2197:
1682:et al.
1666:et al.
1635:et al.
1359:
1334:
1193:, and
901:inject
694:DevOps
606:inject
576:Causes
495:Phrack
412:Groups
344:Botnet
284:Zone-H
2964:Worms
2959:Wiper
2877:Voice
2725:Logic
2304:(PDF)
2216:(1).
2191:(PDF)
2063:3 May
1680:Tjoa
1664:Tjoa
1191:HIPAA
911:when
819:Linux
673:Some
569:patch
319:Virus
87:ethic
2730:Time
2720:Fork
2517:ISBN
2498:ISBN
2479:ISBN
2460:ISBN
2441:ISBN
2422:ISBN
2403:ISBN
2384:ISBN
2365:ISBN
2346:ISBN
2327:ISBN
2308:ISBN
2284:ISBN
2265:ISBN
2246:ISBN
2226:ISSN
2195:ISBN
2065:2024
1684:2024
1668:2024
1637:2018
1332:ISBN
1087:test
1037:root
889:and
833:and
821:and
727:and
712:The
656:and
584:and
354:HIDS
324:Worm
85:and
2735:Zip
2218:doi
1187:PCI
1081:.
998:.
985:.
917:URL
364:RCE
3146::
2224:.
2212:.
2136:^
2109:^
2052:.
1981:^
1938:^
1875:^
1836:^
1761:^
1732:^
1715:^
1644:^
1595:^
1564:^
1547:^
1482:^
1467:^
1220:^
1189:,
1051:A
1019:.
1010:.
758:A
751:A
455:/
2573:e
2566:t
2559:v
2525:.
2506:.
2487:.
2468:.
2449:.
2430:.
2411:.
2392:.
2373:.
2354:.
2335:.
2316:.
2292:.
2273:.
2254:.
2232:.
2220::
2214:4
2203:.
2067:.
1365:.
1340:.
965:.
923:.
866:.
745:.
664:.
640:.
525:e
518:t
511:v
20:)
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.