1053:
2665:
1103:(CVSS). CVSS evaluates the possibility to exploit the vulnerability and compromise data confidentiality, availability, and integrity. It also considers how the vulnerability could be used and how complex an exploit would need to be. The amount of access needed for exploitation and whether it could take place without user interaction are also factored in to the overall score.
969:
an identified vulnerability and whether it is cost effective to do so. Although attention to security can reduce the risk of attack, achieving perfect security for a complex system is impossible, and many security measures have unacceptable cost or usability downsides. For example, reducing the complexity and functionality of the system is effective at reducing the
2527:
684:, a development workflow that emphasizes automated testing and deployment to speed up the deployment of new features, often requires that many developers be granted access to change configurations, which can lead to deliberate or inadvertent inclusion of vulnerabilities. Compartmentalizing dependencies, which is often part of DevOps workflows, can reduce the
670:. This can lead to unintended vulnerabilities. The more complex the system is, the easier it is for vulnerabilities to go undetected. Some vulnerabilities are deliberately planted, which could be for any reason from a disgruntled employee selling access to hackers, to sophisticated state-sponsored schemes to introduce vulnerabilities to software. Inadequate
548:
vulnerabilities, and taking action to secure the system. Vulnerability management typically is a combination of remediation (fixing the vulnerability), mitigation (increasing the difficulty or reducing the danger of exploits), and accepting risks that are not economical or practical to eliminate. Vulnerabilities can be scored for risk according to the
560:
patch ================or otherwise) is associated with an increased risk of compromise because attackers often move faster than patches are rolled out. Regardless of whether a patch is ever released to remediate the vulnerability, its lifecycle will eventually end when the system, or older versions of it, fall out of use.
1077:
the patch to confirm functionality and compatibility. Larger organizations may fail to identify and patch all dependencies, while smaller enterprises and personal users may not install patches. Research suggests that risk of cyberattack increases if the vulnerability is made publicly known or a patch
968:
There is little evidence about the effectiveness and cost-effectiveness of different cyberattack prevention measures. Although estimating the risk of an attack is not straightforward, the mean time to breach and expected cost can be considered to determine the priority for remediating or mitigating
1065:(United States, United Kingdom, Canada, Australia, and New Zealand) captured the plurality of the market and other significant purchasers included Russia, India, Brazil, Malaysia, Singapore, North Korea, and Iran. Organized criminal groups also buy vulnerabilities, although they typically prefer
1060:
The vulnerability lifecycle begins when vulnerabilities are introduced into hardware or software. Detection of vulnerabilities can be by the software vendor, or by a third party. In the latter case, it is considered most ethical to immediately disclose the vulnerability to the vendor so it can be
1043:
attempts to enter the system via an exploit to see if the system is insecure. If a penetration test fails, it does not necessarily mean that the system is secure. Some penetration tests can be conducted with automated software that tests against existing exploits for known vulnerabilities. Other
1010:
Vulnerabilities can only be exploited when they are active-the software in which they are embedded is actively running on the system. Before the code containing the vulnerability is configured to run on the system, it is considered a carrier. Dormant vulnerabilities can run, but are not currently
665:
practices can affect the risk of vulnerabilities being introduced to a code base. Lack of knowledge about secure software development or excessive pressure to deliver features quickly can lead to avoidable vulnerabilities to enter production code, especially if security is not prioritized by the
559:
A vulnerability is initiated when it is introduced into hardware or software. It becomes active and exploitable when the software or hardware containing the vulnerability is running. The vulnerability may be discovered by the vendor or a third party. Disclosing the vulnerability (as a [[software
542:
Despite intentions to achieve complete correctness, virtually all hardware and software contains bugs where the system does not behave as expected. If the bug could enable an attacker to compromise the confidentiality, integrity, or availability of system resources, it is called a vulnerability.
1123:
to those who report vulnerabilities to them. Not all companies respond positively to disclosures, as they can cause legal liability and operational overhead. There is no law requiring disclosure of vulnerabilities. If a vulnerability is discovered by a third party that does not disclose to the
774:
not to behave as expected under certain specific circumstances. Testing for security bugs in hardware is quite difficult due to limited time and the complexity of twenty-first century chips, while the globalization of design and manufacturing has increased the opportunity for these bugs to be
547:
practices as well as design factors such as complexity can increase the burden of vulnerabilities. There are different types most common in different components such as hardware, operating is a process that includes identifying systems and prioritizing which are most important, scanning for
1072:
Even vulnerabilities that are publicly known or patched are often exploitable for an extended period. Security patches can take months to develop, or may never be developed. A patch can have negative effects on the functionality of software and users may need to
1002:
are typically unable to detect zero-day vulnerabilities, but are more effective at finding known vulnerabilities based on a database. These systems can find some known vulnerabilities and advise fixes, such as a patch. However, they have limitations including
981:
strategy is used for multiple barriers to attack. Some organizations scan for only the highest-risk vulnerabilities as this enables prioritization in the context of lacking the resources to fix every vulnerability. Increasing expenses is likely to have
1085:
Vulnerabilities become deprecated when the software or vulnerable versions fall out of use. This can take an extended period of time; in particular, industrial software may not be feasible to replace even if the manufacturer stops supporting it.
976:
Successful vulnerability management usually involves a combination of remediation (closing a vulnerability), mitigation (increasing the difficulty, and reducing the consequences, of exploits), and accepting some residual risk. Often a
1011:
running. Software containing dormant and carrier vulnerabilities can sometimes be uninstalled or disabled, removing the risk. Active vulnerabilities, if distinguished from the other types, can be prioritized for patching.
1172:
The software vendor is usually not legally liable for the cost if a vulnerability is used in an attack, which creates an incentive to make cheaper but less secure software. Some companies are covered by laws, such as
1119:, or coordinated disclosure). The former approach is praised for its transparency, but the drawback is that the risk of attack is likely to be increased after disclosure with no patch available. Some vendors pay
2196:
Agrafiotis, Ioannis; Nurse, Jason R C; Goldsmith, Michael; Creese, Sadie; Upton, David (2018). "A taxonomy of cyber-harms: Defining the impacts of cyber-attacks and understanding how they propagate".
743:
comes into existence when configuration settings cause risks to the system security, leading to such faults as unpatched software or file system permissions that do not sufficiently restrict access.
903:
is insufficient to reject the injected code. XSS can be persistent, when attackers save the malware in a data field and run it when the data is loaded; it can also be loaded using a malicious
588:
by malicious actors, and the actual risk is dependent on the nature of the vulnerability as well as the value of the surrounding system. Although some vulnerabilities can only be used for
631:
Familiarity: Using common, well-known code, software, operating systems, and/or hardware increases the probability an attacker has or can find the knowledge and tools to exploit the flaw.
1061:
fixed. Government or intelligence agencies buy vulnerabilities that have not been publicly disclosed and may use them in an attack, stockpile them, or notify the vendor. As of 2013, the
1031:
is a common strategy for reducing the harm that a cyberattack can cause. If a patch for third-party software is unavailable, it may be possible to temporarily disable the software.
817:
and allow anyone to contribute, which could enable the introduction of vulnerabilities. However, the same vulnerabilities also occur in proprietary operating systems such as
836:
are downloaded onto the end user's computers and are typically updated less frequently than web applications. Unlike web applications, they interact directly with a user's
1174:
1019:
Vulnerability mitigation is measures that do not close the vulnerability, but make it more difficult to exploit or reduce the consequences of an attack. Reducing the
2559:
692:
is used, rather than the organization's own hardware and software, the organization is dependent on the cloud services provider to prevent vulnerabilities.
523:
3103:
3080:
2508:
2489:
2470:
2451:
2432:
2413:
2394:
2375:
2356:
2337:
2318:
2299:
2275:
2256:
2237:
2186:
1323:
353:
3142:
1137:
1116:
736:
When the system fails to handle and exceptional or unanticipated condition correctly, an attacker can exploit the situation to gain access.
553:
3111:
2042:
1149:
1112:
1100:
1044:
penetration tests are conducted by trained hackers. Many companies prefer to contract out this work as it simulates an outsider attack.
675:
549:
2531:
2552:
750:—when timing or other external factors change the outcome and lead to inconsistent or unpredictable results—can cause a vulnerability.
47:
2037:
552:
or other systems, and added to vulnerability databases. As of 2023, there are more than 20 million vulnerabilities catalogued in the
3043:
2839:
2482:
The
Vulnerability Researcher's Handbook: A comprehensive guide to discovering, reporting, and publishing security vulnerabilities
3093:
1145:
822:
701:
604:, which is necessary for more severe attacks. Without a vulnerability, the exploit cannot gain access. It is also possible for
243:
64:
1144:. As of 2023, it has over 20 million entries. This information is shared into other databases, including the United States'
584:) as well as those that have not been patched are still liable for exploitation. Vulnerabilities vary in their ability to be
516:
2286:
2173:
943:
is similar to CSRF, but the request is forged from the server side and often exploits the enhanced privilege of the server.
2906:
2545:
609:
456:
253:
136:
126:
3147:
163:
151:
3098:
3019:
2819:
1157:
1153:
940:
790:
585:
238:
999:
866:
run on many websites. Because they are inherently less secure than other applications, they are a leading source of
3075:
3033:
2689:
934:
810:
475:
213:
946:
3152:
2936:
2654:
740:
708:
509:
258:
1082:
the patch to find the underlying vulnerability and develop exploits, often faster than users install the patch.
937:(CSRF) is creating client requests that do malicious actions, such as an attacker changing a user's credentials.
2921:
2799:
2694:
963:
844:
Unencrypted data that is in permanent storage or sent over a network is relatively easy for attackers to steal.
434:
393:
363:
313:
833:
729:
vulnerabilities enable an attacker to access a system that is supposed to be restricted to them, or engage in
2368:
This Is How They Tell Me the World Ends: Winner of the FT & McKinsey
Business Book of the Year Award 2021
2309:
Linkov, Igor; Kott, Alexander (2019). "Fundamental
Concepts of Cyber Resilience: Introduction and Overview".
3009:
2961:
2624:
1028:
625:
173:
3137:
1344:
1125:
428:
3050:
2784:
1161:
765:
689:
847:
3070:
2982:
2931:
2876:
2744:
2717:
2699:
2664:
2597:
2568:
2268:
Asset Attack
Vectors: Building Effective Vulnerability Management Strategies to Protect Organizations
1099:
A commonly used scale for assessing the severity of vulnerabilities is the open-source specification
884:
798:
730:
662:
635:
601:
581:
544:
446:
388:
308:
2854:
2629:
2587:
1349:
983:
908:
870:
and other security incidents. Common types of vulnerabilities found in these applications include:
423:
248:
158:
3038:
2966:
2871:
2175:
Zero Days, Thousands of Nights: The Life and Times of Zero-Day
Vulnerabilities and Their Exploits
771:
716:
568:
Despite developers' goal of delivering a product that works entirely as intended, virtually all
17:
3086:
2844:
2779:
2729:
2676:
2634:
2582:
2504:
2485:
2466:
2447:
2428:
2409:
2390:
2371:
2352:
2333:
2314:
2295:
2271:
2252:
2233:
2213:
2182:
1319:
1141:
924:
818:
589:
418:
381:
348:
3055:
2995:
2759:
2749:
2644:
2205:
1079:
1074:
1040:
978:
918:
863:
851:
837:
794:
784:
398:
99:
2946:
2926:
2649:
2639:
712:
667:
645:
641:
178:
69:
38:
3116:
3014:
2864:
2814:
2789:
2754:
2734:
2614:
2602:
1182:
1164:
products. Submitting a CVE is voluntary for companies that discovered a vulnerability.
1052:
1020:
1004:
995:
970:
950:
900:
888:
874:
770:
Deliberate security bugs can be introduced during or after manufacturing and cause the
747:
726:
720:
685:
593:
577:
487:
318:
271:
201:
82:
59:
704:
classifies vulnerabilities into eight root causes that may be overlapping, including:
3131:
3026:
2987:
2956:
2951:
2804:
2794:
2764:
914:
878:
580:
are often released to fix identified vulnerabilities, but those that remain unknown (
569:
323:
218:
115:
927:
is a form of code injection where the attacker places the malware in data fields or
881:
failures enable attackers to access data that should be restricted to trusted users.
634:
Connectivity: any system connected to the internet can be accessed and compromised.
624:
Complexity: Large, complex systems increase the probability of flaws and unintended
620:
Fundamental design factors that can increase the burden of vulnerabilities include:
600:), without the user being aware of it. Only a minority of vulnerabilities allow for
3060:
2916:
2619:
2387:
Trusted
Digital Circuits: Hardware Trojan Vulnerabilities, Prevention and Detection
2225:
678:
tools that can be used as part of code reviews and may find some vulnerabilities.
573:
411:
278:
231:
86:
3000:
2834:
2809:
2774:
2609:
1066:
1027:(administrator) access, and closing off opportunities for exploits to engage in
867:
814:
802:
671:
612:
or implants the malware in legitimate software that is downloaded deliberately.
576:
contains bugs. If a bug creates a security risk, it is called a vulnerability.
539:
are flaws in a computer system that weaken the overall security of the system.
481:
368:
105:
2330:
Practical
Vulnerability Management: A Strategic Approach to Managing Cyber Risk
801:
bugs that enable the attacker to gain more access than they should be allowed.
3065:
2881:
2829:
2712:
2592:
2444:
Why Don't We Defend Better?: Data
Breaches, Risk Management, and Public Policy
1120:
892:
648:
is at increased risk, but upgrading often is prohibitive in terms of cost and
338:
333:
110:
2217:
2941:
2896:
2891:
2739:
2707:
2209:
1062:
1024:
358:
208:
188:
93:
54:
2463:
Targeted Cyber
Attacks: Multi-staged Attacks Driven by Exploits and Malware
1343:. The COAST Laboratory Department of Computer Sciences, Purdue University.
2526:
1128:, often considered the most dangerous type because fewer defenses exist.
638:
is one truly effective measure against attacks, but it is rarely feasible.
2901:
2859:
2722:
649:
452:
183:
131:
907:
link (reflected XSS). Attackers can also insert malicious code into the
825:. All reputable vendors of operating systems provide patches regularly.
723:
is not sufficient to prevent the attacker from injecting malicious code.
2911:
2886:
2849:
2537:
928:
896:
605:
597:
440:
328:
303:
296:
168:
2824:
2769:
2684:
681:
494:
343:
283:
121:
1972:
1970:
1160:. CVE and other databases typically do not track vulnerabilities in
949:
occurs when programmers do not consider unexpected cases arising in
1111:
Someone who discovers a vulnerability may disclose it immediately (
608:
to be installed directly, without an exploit, if the attacker uses
1178:
1051:
806:
2249:
Mobile OS Vulnerabilities: Quantitative and
Qualitative Analysis
1635:
1633:
994:
Remediation fixes vulnerabilities, for example by downloading a
2541:
2288:
The Defender’s Dilemma: Charting a Course Toward Cybersecurity
2100:
2098:
904:
1827:
1825:
1752:
1750:
1708:
1706:
1704:
1185:, that place legal requirements on vulnerability management.
2663:
2425:
Introduction to Cybersecurity: A Multidisciplinary Challenge
1475:
1473:
1471:
1458:
1456:
931:. The attacker might be able to take over the entire server.
1933:
1931:
1929:
1927:
1318:. Morgan Kaufmann Publications. Elsevier Inc. p. 393.
1213:
1211:
1209:
688:
by paring down dependencies to only what is necessary. If
840:. Common vulnerabilities in these applications include:
1866:
1864:
1592:
1590:
1588:
1586:
1584:
1559:
1557:
1555:
1553:
1540:
1538:
1536:
1314:
Kakareka, Almantas (2009). "23". In Vacca, John (ed.).
1148:, where each vulnerability is given a risk score using
2285:
Libicki, Martin C.; Ablon, Lillian; Webb, Tim (2015).
2127:
2125:
1725:
1723:
1721:
2499:
Tjoa, Simon; Gafić, Melisa; Kieseberg, Peter (2024).
2313:. Springer International Publishing. pp. 1–25.
2975:
2675:
2575:
2406:
PCI DSS: An Integrated Data Security Standard Guide
592:attacks, more dangerous ones allow the attacker to
1620:
2230:Big Breaches: Cybersecurity Lessons for Everyone
2077:
1976:
1961:
1906:
1882:
1136:The most commonly used vulnerability dataset is
1253:
1229:
850:occurs when an attacker takes over an existing
696:National Vulnerability Database classification
2553:
517:
8:
2155:
2104:
2065:
2024:
1843:
1831:
1816:
1780:
1768:
1756:
1741:
1712:
1695:
1639:
1575:
1435:
1423:
1411:
1399:
1375:
1301:
1289:
1277:
1265:
1115:) or wait until a patch has been developed (
1023:, particularly for parts of the system with
674:can lead to missed bugs, but there are also
2143:
2038:"Ask an Ethicist: Vulnerability Disclosure"
1918:
1667:
1651:
1515:
1479:
1462:
1447:
1217:
1200:
2560:
2546:
2538:
2442:Sloan, Robert H.; Warner, Richard (2019).
1937:
1363:
1316:Computer and Information Security Handbook
524:
510:
29:
3104:Security information and event management
1804:
1792:
1683:
1348:
27:Exploitable weakness in a computer system
2311:Cyber Resilience of Systems and Networks
1894:
2266:Haber, Morey J.; Hibbert, Brad (2018).
1503:
1491:
1193:
636:Disconnecting systems from the internet
37:
2461:Sood, Aditya; Enbody, Richard (2014).
2131:
2116:
2089:
2012:
2000:
1988:
1949:
1870:
1855:
1729:
1608:
1596:
1563:
1544:
1387:
1241:
3081:Host-based intrusion detection system
2247:Garg, Shivi; Baliyan, Niyati (2023).
2172:Ablon, Lillian; Bogart, Andy (2017).
1527:
1124:vendor or the public, it is called a
1090:Assessment, disclosure, and inventory
7:
1138:Common Vulnerabilities and Exposures
921:to gain unauthorized access to data.
554:Common Vulnerabilities and Exposures
3112:Runtime application self-protection
2045:'s Committee on Professional Ethics
2043:Association for Computing Machinery
1150:Common Vulnerability Scoring System
1101:Common Vulnerability Scoring System
550:Common Vulnerability Scoring System
244:forensics-focused operating systems
2349:Zero Day: The Threat In Cyberspace
25:
3044:Security-focused operating system
2840:Insecure direct object reference
2525:
1078:is released. Cybercriminals can
791:operating system vulnerabilities
785:Operating system § Security
775:introduced by malicious actors.
18:Vulnerability (computer science)
3094:Information security management
1146:National Vulnerability Database
1000:Software vulnerability scanners
917:and similar attacks manipulate
702:National Vulnerability Database
596:and run their own code (called
65:Hacking of consumer electronics
2078:Libicki, Ablon & Webb 2015
1977:Libicki, Ablon & Webb 2015
1962:Libicki, Ablon & Webb 2015
1907:Libicki, Ablon & Webb 2015
1883:Libicki, Ablon & Webb 2015
1341:Technical Report CSD-TR-97-026
1339:Krsul, Ivan (April 15, 1997).
1:
2501:Cyber Resilience Fundamentals
719:) vulnerabilities occur when
947:Business logic vulnerability
797:in use, a common problem is
755:Vulnerabilities by component
741:configuration vulnerability
164:Chaos Communication Congress
3143:Hacking (computer security)
3099:Information risk management
3020:Multi-factor authentication
2576:Related security categories
1254:Daswani & Elbayadi 2021
1230:Daswani & Elbayadi 2021
1158:Common Weakness Enumeration
1154:Common Platform Enumeration
941:Server-side request forgery
887:(XSS) enables attackers to
3169:
3076:Intrusion detection system
3034:Computer security software
2690:Advanced persistent threat
2328:Magnusson, Andrew (2020).
2228:; Elbayadi, Moudy (2021).
961:
935:Cross-site request forgery
834:Client–server applications
829:Client–server applications
805:operating systems such as
782:
763:
476:2600: The Hacker Quarterly
214:List of computer criminals
2661:
2655:Digital rights management
2532:Vulnerability (computing)
2480:Strout, Benjamin (2023).
2370:. Bloomsbury Publishing.
2366:Perlroth, Nicole (2021).
2347:O'Harrow, Robert (2013).
813:have a freely accessible
2800:Denial-of-service attack
2695:Arbitrary code execution
2385:Salmani, Hassan (2018).
2198:Journal of Cybersecurity
2156:Haber & Hibbert 2018
2105:Haber & Hibbert 2018
2025:Haber & Hibbert 2018
1844:Haber & Hibbert 2018
1832:Haber & Hibbert 2018
1817:Haber & Hibbert 2018
1781:Haber & Hibbert 2018
1769:Haber & Hibbert 2018
1757:Haber & Hibbert 2018
1742:Haber & Hibbert 2018
1713:Haber & Hibbert 2018
1696:Haber & Hibbert 2018
1640:Haber & Hibbert 2018
1576:Haber & Hibbert 2018
1436:Haber & Hibbert 2018
1424:Haber & Hibbert 2018
1412:Haber & Hibbert 2018
1400:Haber & Hibbert 2018
1376:Haber & Hibbert 2018
1302:Haber & Hibbert 2018
1290:Haber & Hibbert 2018
1278:Haber & Hibbert 2018
1266:Haber & Hibbert 2018
964:Vulnerability management
394:Cloud computing security
3010:Computer access control
2962:Rogue security software
2625:Electromagnetic warfare
2144:Sloan & Warner 2019
1919:Ablon & Bogart 2017
1516:Garg & Baliyan 2023
1480:Garg & Baliyan 2023
1463:Garg & Baliyan 2023
1448:Garg & Baliyan 2023
1218:Ablon & Bogart 2017
1201:Ablon & Bogart 2017
1132:Vulnerability inventory
1048:Vulnerability lifecycle
823:Apple operating systems
174:Hackers on Planet Earth
3056:Obfuscation (software)
2785:Browser Helper Objects
2669:
1938:Sood & Enbody 2014
1364:Linkov & Kott 2019
1126:zero-day vulnerability
1117:responsible disclosure
1057:
1056:Vulnerability timeline
1029:privilege exploitation
793:vary depending on the
429:Homebrew Computer Club
3051:Data-centric security
2932:Remote access trojans
2667:
2423:Sharp, Robin (2024).
2210:10.1093/cybsec/tyy006
1162:software as a service
1140:(CVE), maintained by
1055:
766:Hardware security bug
690:software as a service
2983:Application security
2877:Privilege escalation
2745:Cross-site scripting
2598:Cybersex trafficking
2569:Information security
2534:at Wikimedia Commons
2484:. Packt Publishing.
2404:Seaman, Jim (2020).
2294:. Rand Corporation.
2181:. Rand Corporation.
885:Cross-site scripting
799:privilege escalation
731:privilege escalation
676:static code analysis
663:software development
602:privilege escalation
545:software development
447:Masters of Deception
389:Application security
3148:Security compliance
2630:Information warfare
2588:Automotive security
2503:. Springer Nature.
2427:. Springer Nature.
2351:. Diversion Books.
2332:. No Starch Press.
2146:, pp. 104–105.
1698:, pp. 166–167.
1438:, pp. 135–137.
984:diminishing returns
909:domain object model
657:Development factors
424:Chaos Computer Club
159:Black Hat Briefings
33:Part of a series on
3039:Antivirus software
2907:Social engineering
2872:Polymorphic engine
2825:Fraudulent dialers
2730:Hardware backdoors
2670:
1909:, pp. 44, 46.
1674:, pp. 68, 70.
1156:(CPE) scheme, and
1058:
772:integrated circuit
717:boundary condition
610:social engineering
254:Social engineering
3125:
3124:
3087:Anomaly detection
2992:Secure by default
2845:Keystroke loggers
2780:Drive-by download
2668:vectorial version
2635:Internet security
2583:Computer security
2530:Media related to
2510:978-3-031-52064-8
2491:978-1-80324-356-6
2472:978-0-12-800619-1
2453:978-1-351-12729-5
2434:978-3-031-41463-3
2415:978-1-4842-5808-8
2396:978-3-319-79081-7
2377:978-1-5266-2983-8
2358:978-1-938120-76-3
2339:978-1-59327-989-9
2320:978-3-319-77492-3
2301:978-0-8330-8911-3
2277:978-1-4842-3627-7
2258:978-1-000-92451-0
2239:978-1-4842-6654-0
2188:978-0-8330-9761-3
2027:, pp. 73–74.
1979:, pp. 49–50.
1783:, pp. 84–85.
1744:, pp. 12–13.
1642:, pp. 97–98.
1611:, pp. 14–15.
1518:, pp. 20–25.
1450:, pp. 17–18.
1325:978-0-12-374354-1
1304:, pp. 13–14.
1256:, pp. 26–27.
1244:, pp. 47–48.
1142:Mitre Corporation
925:Command injection
848:Process hijacking
819:Microsoft Windows
590:denial of service
534:
533:
382:Computer security
349:Keystroke logging
16:(Redirected from
3160:
3153:Software testing
2996:Secure by design
2927:Hardware Trojans
2760:History sniffing
2750:Cross-site leaks
2645:Network security
2562:
2555:
2548:
2539:
2529:
2514:
2495:
2476:
2457:
2438:
2419:
2400:
2381:
2362:
2343:
2324:
2305:
2293:
2281:
2262:
2243:
2221:
2192:
2180:
2159:
2153:
2147:
2141:
2135:
2129:
2120:
2114:
2108:
2102:
2093:
2087:
2081:
2075:
2069:
2063:
2057:
2056:
2054:
2052:
2034:
2028:
2022:
2016:
2010:
2004:
1998:
1992:
1986:
1980:
1974:
1965:
1959:
1953:
1947:
1941:
1935:
1922:
1916:
1910:
1904:
1898:
1892:
1886:
1880:
1874:
1868:
1859:
1853:
1847:
1841:
1835:
1829:
1820:
1814:
1808:
1802:
1796:
1790:
1784:
1778:
1772:
1766:
1760:
1754:
1745:
1739:
1733:
1727:
1716:
1710:
1699:
1693:
1687:
1681:
1675:
1665:
1659:
1649:
1643:
1637:
1628:
1618:
1612:
1606:
1600:
1594:
1579:
1573:
1567:
1561:
1548:
1542:
1531:
1525:
1519:
1513:
1507:
1501:
1495:
1489:
1483:
1477:
1466:
1460:
1451:
1445:
1439:
1433:
1427:
1421:
1415:
1409:
1403:
1397:
1391:
1385:
1379:
1373:
1367:
1361:
1355:
1354:
1352:
1336:
1330:
1329:
1311:
1305:
1299:
1293:
1287:
1281:
1275:
1269:
1263:
1257:
1251:
1245:
1239:
1233:
1227:
1221:
1215:
1204:
1198:
1080:reverse engineer
1041:penetration test
979:defense in depth
919:database queries
864:Web applications
859:Web applications
852:computer process
838:operating system
795:operating system
779:Operating system
709:Input validation
578:Software patches
556:(CVE) database.
526:
519:
512:
399:Network security
100:Hacker Manifesto
39:Computer hacking
30:
21:
3168:
3167:
3163:
3162:
3161:
3159:
3158:
3157:
3128:
3127:
3126:
3121:
2971:
2671:
2659:
2650:Copy protection
2640:Mobile security
2571:
2566:
2522:
2517:
2511:
2498:
2492:
2479:
2473:
2460:
2454:
2441:
2435:
2422:
2416:
2403:
2397:
2384:
2378:
2365:
2359:
2346:
2340:
2327:
2321:
2308:
2302:
2291:
2284:
2278:
2265:
2259:
2246:
2240:
2224:
2195:
2189:
2178:
2171:
2167:
2162:
2154:
2150:
2142:
2138:
2130:
2123:
2115:
2111:
2103:
2096:
2088:
2084:
2076:
2072:
2064:
2060:
2050:
2048:
2036:
2035:
2031:
2023:
2019:
2015:, pp. 5–6.
2011:
2007:
1999:
1995:
1987:
1983:
1975:
1968:
1960:
1956:
1948:
1944:
1936:
1925:
1917:
1913:
1905:
1901:
1893:
1889:
1881:
1877:
1869:
1862:
1854:
1850:
1842:
1838:
1830:
1823:
1815:
1811:
1803:
1799:
1791:
1787:
1779:
1775:
1767:
1763:
1755:
1748:
1740:
1736:
1728:
1719:
1711:
1702:
1694:
1690:
1682:
1678:
1666:
1662:
1650:
1646:
1638:
1631:
1619:
1615:
1607:
1603:
1595:
1582:
1574:
1570:
1562:
1551:
1543:
1534:
1526:
1522:
1514:
1510:
1502:
1498:
1490:
1486:
1478:
1469:
1461:
1454:
1446:
1442:
1434:
1430:
1422:
1418:
1410:
1406:
1398:
1394:
1386:
1382:
1374:
1370:
1362:
1358:
1338:
1337:
1333:
1326:
1313:
1312:
1308:
1300:
1296:
1288:
1284:
1276:
1272:
1268:, pp. 5–6.
1264:
1260:
1252:
1248:
1240:
1236:
1228:
1224:
1216:
1207:
1199:
1195:
1191:
1170:
1134:
1113:full disclosure
1109:
1097:
1092:
1050:
1037:
1017:
1005:false positives
992:
966:
960:
861:
831:
787:
781:
768:
762:
757:
713:buffer overflow
698:
668:company culture
659:
642:Legacy software
618:
566:
537:Vulnerabilities
530:
501:
500:
470:
462:
461:
414:
404:
403:
384:
374:
373:
299:
289:
288:
274:
264:
263:
234:
224:
223:
204:
194:
193:
179:Security BSides
154:
144:
143:
89:
75:
74:
70:List of hackers
50:
28:
23:
22:
15:
12:
11:
5:
3166:
3164:
3156:
3155:
3150:
3145:
3140:
3130:
3129:
3123:
3122:
3120:
3119:
3117:Site isolation
3114:
3109:
3108:
3107:
3101:
3091:
3090:
3089:
3084:
3073:
3068:
3063:
3058:
3053:
3048:
3047:
3046:
3041:
3031:
3030:
3029:
3024:
3023:
3022:
3015:Authentication
3007:
3006:
3005:
3004:
3003:
2993:
2990:
2979:
2977:
2973:
2972:
2970:
2969:
2964:
2959:
2954:
2949:
2944:
2939:
2934:
2929:
2924:
2919:
2914:
2909:
2904:
2899:
2894:
2889:
2884:
2879:
2874:
2869:
2868:
2867:
2857:
2852:
2847:
2842:
2837:
2832:
2827:
2822:
2817:
2815:Email spoofing
2812:
2807:
2802:
2797:
2792:
2787:
2782:
2777:
2772:
2767:
2762:
2757:
2755:DOM clobbering
2752:
2747:
2742:
2737:
2735:Code injection
2732:
2727:
2726:
2725:
2720:
2715:
2710:
2702:
2697:
2692:
2687:
2681:
2679:
2673:
2672:
2662:
2660:
2658:
2657:
2652:
2647:
2642:
2637:
2632:
2627:
2622:
2617:
2615:Cyberterrorism
2612:
2607:
2606:
2605:
2603:Computer fraud
2600:
2590:
2585:
2579:
2577:
2573:
2572:
2567:
2565:
2564:
2557:
2550:
2542:
2536:
2535:
2521:
2520:External links
2518:
2516:
2515:
2509:
2496:
2490:
2477:
2471:
2458:
2452:
2439:
2433:
2420:
2414:
2401:
2395:
2382:
2376:
2363:
2357:
2344:
2338:
2325:
2319:
2306:
2300:
2282:
2276:
2263:
2257:
2244:
2238:
2222:
2193:
2187:
2168:
2166:
2163:
2161:
2160:
2158:, p. 111.
2148:
2136:
2121:
2109:
2107:, p. 110.
2094:
2082:
2070:
2058:
2047:. 17 July 2018
2029:
2017:
2005:
1993:
1981:
1966:
1954:
1942:
1923:
1911:
1899:
1897:, p. 145.
1887:
1875:
1860:
1848:
1836:
1821:
1809:
1805:Magnusson 2020
1797:
1793:Magnusson 2020
1785:
1773:
1761:
1746:
1734:
1717:
1700:
1688:
1684:Magnusson 2020
1676:
1660:
1644:
1629:
1613:
1601:
1580:
1578:, p. 129.
1568:
1549:
1532:
1530:, p. 271.
1520:
1508:
1496:
1484:
1467:
1452:
1440:
1428:
1426:, p. 142.
1416:
1414:, p. 141.
1404:
1402:, p. 143.
1392:
1380:
1378:, p. 155.
1368:
1356:
1350:10.1.1.26.5435
1331:
1324:
1306:
1294:
1282:
1270:
1258:
1246:
1234:
1222:
1205:
1192:
1190:
1187:
1183:Sarbanes-Oxley
1169:
1166:
1133:
1130:
1108:
1105:
1096:
1093:
1091:
1088:
1049:
1046:
1036:
1033:
1021:attack surface
1016:
1013:
996:software patch
991:
988:
971:attack surface
962:Main article:
959:
956:
955:
954:
951:business logic
944:
938:
932:
922:
912:
901:input checking
882:
875:Authentication
860:
857:
856:
855:
845:
830:
827:
780:
777:
764:Main article:
761:
758:
756:
753:
752:
751:
748:race condition
744:
737:
734:
727:Access control
724:
721:input checking
697:
694:
686:attack surface
658:
655:
654:
653:
639:
632:
629:
617:
616:Design factors
614:
565:
562:
532:
531:
529:
528:
521:
514:
506:
503:
502:
499:
498:
491:
488:Nuts and Volts
484:
479:
471:
468:
467:
464:
463:
460:
459:
450:
444:
438:
435:Legion of Doom
432:
426:
421:
415:
410:
409:
406:
405:
402:
401:
396:
391:
385:
380:
379:
376:
375:
372:
371:
366:
361:
356:
351:
346:
341:
336:
331:
326:
321:
316:
311:
306:
300:
295:
294:
291:
290:
287:
286:
281:
275:
272:Practice sites
270:
269:
266:
265:
262:
261:
256:
251:
246:
241:
235:
230:
229:
226:
225:
222:
221:
216:
211:
205:
202:Computer crime
200:
199:
196:
195:
192:
191:
186:
181:
176:
171:
166:
161:
155:
150:
149:
146:
145:
142:
141:
140:
139:
134:
129:
118:
113:
108:
103:
96:
90:
83:Hacker culture
81:
80:
77:
76:
73:
72:
67:
62:
60:Cryptovirology
57:
51:
46:
45:
42:
41:
35:
34:
26:
24:
14:
13:
10:
9:
6:
4:
3:
2:
3165:
3154:
3151:
3149:
3146:
3144:
3141:
3139:
3138:Vulnerability
3136:
3135:
3133:
3118:
3115:
3113:
3110:
3105:
3102:
3100:
3097:
3096:
3095:
3092:
3088:
3085:
3082:
3079:
3078:
3077:
3074:
3072:
3069:
3067:
3064:
3062:
3059:
3057:
3054:
3052:
3049:
3045:
3042:
3040:
3037:
3036:
3035:
3032:
3028:
3027:Authorization
3025:
3021:
3018:
3017:
3016:
3013:
3012:
3011:
3008:
3002:
2999:
2998:
2997:
2994:
2991:
2989:
2988:Secure coding
2986:
2985:
2984:
2981:
2980:
2978:
2974:
2968:
2965:
2963:
2960:
2958:
2957:SQL injection
2955:
2953:
2950:
2948:
2945:
2943:
2940:
2938:
2937:Vulnerability
2935:
2933:
2930:
2928:
2925:
2923:
2922:Trojan horses
2920:
2918:
2917:Software bugs
2915:
2913:
2910:
2908:
2905:
2903:
2900:
2898:
2895:
2893:
2890:
2888:
2885:
2883:
2880:
2878:
2875:
2873:
2870:
2866:
2863:
2862:
2861:
2858:
2856:
2853:
2851:
2848:
2846:
2843:
2841:
2838:
2836:
2833:
2831:
2828:
2826:
2823:
2821:
2818:
2816:
2813:
2811:
2808:
2806:
2805:Eavesdropping
2803:
2801:
2798:
2796:
2795:Data scraping
2793:
2791:
2788:
2786:
2783:
2781:
2778:
2776:
2773:
2771:
2768:
2766:
2765:Cryptojacking
2763:
2761:
2758:
2756:
2753:
2751:
2748:
2746:
2743:
2741:
2738:
2736:
2733:
2731:
2728:
2724:
2721:
2719:
2716:
2714:
2711:
2709:
2706:
2705:
2703:
2701:
2698:
2696:
2693:
2691:
2688:
2686:
2683:
2682:
2680:
2678:
2674:
2666:
2656:
2653:
2651:
2648:
2646:
2643:
2641:
2638:
2636:
2633:
2631:
2628:
2626:
2623:
2621:
2618:
2616:
2613:
2611:
2608:
2604:
2601:
2599:
2596:
2595:
2594:
2591:
2589:
2586:
2584:
2581:
2580:
2578:
2574:
2570:
2563:
2558:
2556:
2551:
2549:
2544:
2543:
2540:
2533:
2528:
2524:
2523:
2519:
2512:
2506:
2502:
2497:
2493:
2487:
2483:
2478:
2474:
2468:
2464:
2459:
2455:
2449:
2446:. CRC Press.
2445:
2440:
2436:
2430:
2426:
2421:
2417:
2411:
2407:
2402:
2398:
2392:
2388:
2383:
2379:
2373:
2369:
2364:
2360:
2354:
2350:
2345:
2341:
2335:
2331:
2326:
2322:
2316:
2312:
2307:
2303:
2297:
2290:
2289:
2283:
2279:
2273:
2269:
2264:
2260:
2254:
2251:. CRC Press.
2250:
2245:
2241:
2235:
2231:
2227:
2226:Daswani, Neil
2223:
2219:
2215:
2211:
2207:
2203:
2199:
2194:
2190:
2184:
2177:
2176:
2170:
2169:
2164:
2157:
2152:
2149:
2145:
2140:
2137:
2133:
2128:
2126:
2122:
2119:, p. 22.
2118:
2113:
2110:
2106:
2101:
2099:
2095:
2092:, p. 36.
2091:
2086:
2083:
2080:, p. 45.
2079:
2074:
2071:
2068:, p. 18.
2067:
2066:O'Harrow 2013
2062:
2059:
2046:
2044:
2039:
2033:
2030:
2026:
2021:
2018:
2014:
2009:
2006:
2003:, p. 19.
2002:
1997:
1994:
1991:, p. 28.
1990:
1985:
1982:
1978:
1973:
1971:
1967:
1964:, p. 50.
1963:
1958:
1955:
1952:, p. 26.
1951:
1946:
1943:
1940:, p. 42.
1939:
1934:
1932:
1930:
1928:
1924:
1920:
1915:
1912:
1908:
1903:
1900:
1896:
1895:Perlroth 2021
1891:
1888:
1885:, p. 44.
1884:
1879:
1876:
1873:, p. 18.
1872:
1867:
1865:
1861:
1858:, p. 16.
1857:
1852:
1849:
1846:, p. 94.
1845:
1840:
1837:
1834:, p. 96.
1833:
1828:
1826:
1822:
1819:, p. 93.
1818:
1813:
1810:
1807:, p. 33.
1806:
1801:
1798:
1795:, p. 32.
1794:
1789:
1786:
1782:
1777:
1774:
1771:, p. 85.
1770:
1765:
1762:
1759:, p. 84.
1758:
1753:
1751:
1747:
1743:
1738:
1735:
1731:
1726:
1724:
1722:
1718:
1715:, p. 11.
1714:
1709:
1707:
1705:
1701:
1697:
1692:
1689:
1686:, p. 34.
1685:
1680:
1677:
1673:
1671:
1664:
1661:
1658:, p. 63.
1657:
1655:
1648:
1645:
1641:
1636:
1634:
1630:
1626:
1624:
1617:
1614:
1610:
1605:
1602:
1599:, p. 14.
1598:
1593:
1591:
1589:
1587:
1585:
1581:
1577:
1572:
1569:
1566:, p. 13.
1565:
1560:
1558:
1556:
1554:
1550:
1547:, p. 15.
1546:
1541:
1539:
1537:
1533:
1529:
1524:
1521:
1517:
1512:
1509:
1506:, p. 11.
1505:
1500:
1497:
1493:
1488:
1485:
1482:, p. 18.
1481:
1476:
1474:
1472:
1468:
1465:, p. 17.
1464:
1459:
1457:
1453:
1449:
1444:
1441:
1437:
1432:
1429:
1425:
1420:
1417:
1413:
1408:
1405:
1401:
1396:
1393:
1390:, p. 17.
1389:
1384:
1381:
1377:
1372:
1369:
1365:
1360:
1357:
1351:
1346:
1342:
1335:
1332:
1327:
1321:
1317:
1310:
1307:
1303:
1298:
1295:
1292:, p. 10.
1291:
1286:
1283:
1279:
1274:
1271:
1267:
1262:
1259:
1255:
1250:
1247:
1243:
1238:
1235:
1232:, p. 25.
1231:
1226:
1223:
1219:
1214:
1212:
1210:
1206:
1202:
1197:
1194:
1188:
1186:
1184:
1180:
1176:
1167:
1165:
1163:
1159:
1155:
1151:
1147:
1143:
1139:
1131:
1129:
1127:
1122:
1118:
1114:
1106:
1104:
1102:
1094:
1089:
1087:
1083:
1081:
1076:
1070:
1068:
1064:
1054:
1047:
1045:
1042:
1034:
1032:
1030:
1026:
1022:
1014:
1012:
1008:
1006:
1001:
997:
989:
987:
985:
980:
974:
972:
965:
957:
952:
948:
945:
942:
939:
936:
933:
930:
926:
923:
920:
916:
915:SQL injection
913:
910:
906:
902:
898:
894:
890:
886:
883:
880:
879:authorization
876:
873:
872:
871:
869:
868:data breaches
865:
858:
853:
849:
846:
843:
842:
841:
839:
835:
828:
826:
824:
820:
816:
812:
808:
804:
800:
796:
792:
786:
778:
776:
773:
767:
759:
754:
749:
745:
742:
738:
735:
732:
728:
725:
722:
718:
714:
710:
707:
706:
705:
703:
695:
693:
691:
687:
683:
679:
677:
673:
669:
664:
656:
651:
647:
643:
640:
637:
633:
630:
627:
626:access points
623:
622:
621:
615:
613:
611:
607:
603:
599:
595:
591:
587:
583:
579:
575:
571:
563:
561:
557:
555:
551:
546:
540:
538:
527:
522:
520:
515:
513:
508:
507:
505:
504:
497:
496:
492:
490:
489:
485:
483:
480:
478:
477:
473:
472:
466:
465:
458:
454:
451:
448:
445:
442:
439:
436:
433:
430:
427:
425:
422:
420:
417:
416:
413:
408:
407:
400:
397:
395:
392:
390:
387:
386:
383:
378:
377:
370:
367:
365:
362:
360:
357:
355:
352:
350:
347:
345:
342:
340:
337:
335:
332:
330:
327:
325:
322:
320:
317:
315:
312:
310:
307:
305:
302:
301:
298:
293:
292:
285:
282:
280:
277:
276:
273:
268:
267:
260:
259:Vulnerability
257:
255:
252:
250:
247:
245:
242:
240:
237:
236:
233:
232:Hacking tools
228:
227:
220:
219:Script kiddie
217:
215:
212:
210:
207:
206:
203:
198:
197:
190:
187:
185:
182:
180:
177:
175:
172:
170:
167:
165:
162:
160:
157:
156:
153:
148:
147:
138:
135:
133:
130:
128:
125:
124:
123:
119:
117:
116:Maker culture
114:
112:
109:
107:
104:
102:
101:
97:
95:
92:
91:
88:
84:
79:
78:
71:
68:
66:
63:
61:
58:
56:
53:
52:
49:
44:
43:
40:
36:
32:
31:
19:
3061:Data masking
2620:Cyberwarfare
2500:
2481:
2465:. Syngress.
2462:
2443:
2424:
2405:
2389:. Springer.
2386:
2367:
2348:
2329:
2310:
2287:
2267:
2248:
2229:
2201:
2197:
2174:
2151:
2139:
2134:, p. 6.
2112:
2085:
2073:
2061:
2049:. Retrieved
2041:
2032:
2020:
2008:
1996:
1984:
1957:
1945:
1921:, p. 8.
1914:
1902:
1890:
1878:
1851:
1839:
1812:
1800:
1788:
1776:
1764:
1737:
1732:, p. 8.
1691:
1679:
1669:
1663:
1653:
1647:
1627:, p. 2.
1622:
1616:
1604:
1571:
1523:
1511:
1504:Salmani 2018
1499:
1494:, p. 1.
1492:Salmani 2018
1487:
1443:
1431:
1419:
1407:
1395:
1383:
1371:
1366:, p. 2.
1359:
1340:
1334:
1315:
1309:
1297:
1285:
1280:, p. 6.
1273:
1261:
1249:
1237:
1225:
1220:, p. 2.
1203:, p. 1.
1196:
1171:
1135:
1121:bug bounties
1110:
1098:
1084:
1071:
1067:exploit kits
1059:
1038:
1018:
1009:
993:
975:
967:
862:
832:
788:
769:
699:
680:
672:code reviews
660:
619:
567:
558:
541:
536:
535:
493:
486:
474:
469:Publications
314:Trojan horse
279:HackThisSite
98:
3001:Misuse case
2835:Infostealer
2810:Email fraud
2775:Data breach
2610:Cybergeddon
2132:Strout 2023
2117:Strout 2023
2090:Strout 2023
2013:Strout 2023
2001:Strout 2023
1989:Strout 2023
1950:Strout 2023
1871:Strout 2023
1856:Strout 2023
1730:Strout 2023
1621:Agrafiotis
1609:Strout 2023
1597:Strout 2023
1564:Strout 2023
1545:Strout 2023
1388:Strout 2023
1242:Seaman 2020
990:Remediation
815:source code
803:Open-source
711:(including
482:Hacker News
369:Infostealer
152:Conferences
106:Hackerspace
3132:Categories
3066:Encryption
2942:Web shells
2882:Ransomware
2830:Hacktivism
2593:Cybercrime
2408:. Apress.
2270:. Apress.
2232:. Apress.
1528:Sharp 2024
1189:References
1107:Disclosure
1095:Assessment
1015:Mitigation
958:Management
893:JavaScript
783:See also:
339:Logic bomb
334:Ransomware
111:Hacktivism
2897:Shellcode
2892:Scareware
2740:Crimeware
2700:Backdoors
2218:2057-2085
1345:CiteSeerX
1168:Liability
1063:Five Eyes
929:processes
789:Although
586:exploited
582:zero days
543:Insecure
457:Blue team
449:(defunct)
443:(defunct)
437:(defunct)
431:(defunct)
419:Anonymous
359:Web shell
209:Crimeware
189:Summercon
137:White hat
127:Black hat
120:Types of
94:Hackathon
55:Phreaking
3071:Firewall
2976:Defenses
2902:Spamming
2887:Rootkits
2860:Phishing
2820:Exploits
1152:(CVSS),
891:and run
760:Hardware
650:downtime
646:hardware
574:hardware
570:software
453:Red team
309:Backdoor
184:ShmooCon
132:Grey hat
2912:Spyware
2855:Payload
2850:Malware
2790:Viruses
2770:Botnets
2677:Threats
2165:Sources
1035:Testing
897:malware
895:-based
811:Android
606:malware
598:malware
441:LulzSec
329:Spyware
304:Rootkit
297:Malware
249:Payload
239:Exploit
169:DEF CON
122:hackers
48:History
3106:(SIEM)
3083:(HIDS)
2967:Zombie
2704:Bombs
2685:Adware
2507:
2488:
2469:
2450:
2431:
2412:
2393:
2374:
2355:
2336:
2317:
2298:
2274:
2255:
2236:
2216:
2185:
1670:et al.
1654:et al.
1623:et al.
1347:
1322:
1181:, and
889:inject
682:DevOps
594:inject
564:Causes
495:Phrack
412:Groups
344:Botnet
284:Zone-H
2952:Worms
2947:Wiper
2865:Voice
2713:Logic
2292:(PDF)
2204:(1).
2179:(PDF)
2051:3 May
1668:Tjoa
1652:Tjoa
1179:HIPAA
899:when
807:Linux
661:Some
319:Virus
87:ethic
2718:Time
2708:Fork
2505:ISBN
2486:ISBN
2467:ISBN
2448:ISBN
2429:ISBN
2410:ISBN
2391:ISBN
2372:ISBN
2353:ISBN
2334:ISBN
2315:ISBN
2296:ISBN
2272:ISBN
2253:ISBN
2234:ISBN
2214:ISSN
2183:ISBN
2053:2024
1672:2024
1656:2024
1625:2018
1320:ISBN
1075:test
1025:root
877:and
821:and
809:and
715:and
700:The
644:and
572:and
354:HIDS
324:Worm
85:and
2723:Zip
2206:doi
1175:PCI
1069:.
986:.
973:.
905:URL
364:RCE
3134::
2212:.
2200:.
2124:^
2097:^
2040:.
1969:^
1926:^
1863:^
1824:^
1749:^
1720:^
1703:^
1632:^
1583:^
1552:^
1535:^
1470:^
1455:^
1208:^
1177:,
1039:A
1007:.
998:.
746:A
739:A
455:/
2561:e
2554:t
2547:v
2513:.
2494:.
2475:.
2456:.
2437:.
2418:.
2399:.
2380:.
2361:.
2342:.
2323:.
2304:.
2280:.
2261:.
2242:.
2220:.
2208::
2202:4
2191:.
2055:.
1353:.
1328:.
953:.
911:.
854:.
733:.
652:.
628:.
525:e
518:t
511:v
20:)
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.