1042:
2654:
1092:(CVSS). CVSS evaluates the possibility to exploit the vulnerability and compromise data confidentiality, availability, and integrity. It also considers how the vulnerability could be used and how complex an exploit would need to be. The amount of access needed for exploitation and whether it could take place without user interaction are also factored in to the overall score.
958:
an identified vulnerability and whether it is cost effective to do so. Although attention to security can reduce the risk of attack, achieving perfect security for a complex system is impossible, and many security measures have unacceptable cost or usability downsides. For example, reducing the complexity and functionality of the system is effective at reducing the
2516:
673:, a development workflow that emphasizes automated testing and deployment to speed up the deployment of new features, often requires that many developers be granted access to change configurations, which can lead to deliberate or inadvertent inclusion of vulnerabilities. Compartmentalizing dependencies, which is often part of DevOps workflows, can reduce the
659:. This can lead to unintended vulnerabilities. The more complex the system is, the easier it is for vulnerabilities to go undetected. Some vulnerabilities are deliberately planted, which could be for any reason from a disgruntled employee selling access to hackers, to sophisticated state-sponsored schemes to introduce vulnerabilities to software. Inadequate
537:
vulnerabilities, and taking action to secure the system. Vulnerability management typically is a combination of remediation (fixing the vulnerability), mitigation (increasing the difficulty or reducing the danger of exploits), and accepting risks that are not economical or practical to eliminate. Vulnerabilities can be scored for risk according to the
549:
patch ================or otherwise) is associated with an increased risk of compromise because attackers often move faster than patches are rolled out. Regardless of whether a patch is ever released to remediate the vulnerability, its lifecycle will eventually end when the system, or older versions of it, fall out of use.
1066:
the patch to confirm functionality and compatibility. Larger organizations may fail to identify and patch all dependencies, while smaller enterprises and personal users may not install patches. Research suggests that risk of cyberattack increases if the vulnerability is made publicly known or a patch
957:
There is little evidence about the effectiveness and cost-effectiveness of different cyberattack prevention measures. Although estimating the risk of an attack is not straightforward, the mean time to breach and expected cost can be considered to determine the priority for remediating or mitigating
1054:(United States, United Kingdom, Canada, Australia, and New Zealand) captured the plurality of the market and other significant purchasers included Russia, India, Brazil, Malaysia, Singapore, North Korea, and Iran. Organized criminal groups also buy vulnerabilities, although they typically prefer
1049:
The vulnerability lifecycle begins when vulnerabilities are introduced into hardware or software. Detection of vulnerabilities can be by the software vendor, or by a third party. In the latter case, it is considered most ethical to immediately disclose the vulnerability to the vendor so it can be
1032:
attempts to enter the system via an exploit to see if the system is insecure. If a penetration test fails, it does not necessarily mean that the system is secure. Some penetration tests can be conducted with automated software that tests against existing exploits for known vulnerabilities. Other
999:
Vulnerabilities can only be exploited when they are active-the software in which they are embedded is actively running on the system. Before the code containing the vulnerability is configured to run on the system, it is considered a carrier. Dormant vulnerabilities can run, but are not currently
654:
practices can affect the risk of vulnerabilities being introduced to a code base. Lack of knowledge about secure software development or excessive pressure to deliver features quickly can lead to avoidable vulnerabilities to enter production code, especially if security is not prioritized by the
548:
A vulnerability is initiated when it is introduced into hardware or software. It becomes active and exploitable when the software or hardware containing the vulnerability is running. The vulnerability may be discovered by the vendor or a third party. Disclosing the vulnerability (as a [[software
531:
Despite intentions to achieve complete correctness, virtually all hardware and software contains bugs where the system does not behave as expected. If the bug could enable an attacker to compromise the confidentiality, integrity, or availability of system resources, it is called a vulnerability.
1112:
to those who report vulnerabilities to them. Not all companies respond positively to disclosures, as they can cause legal liability and operational overhead. There is no law requiring disclosure of vulnerabilities. If a vulnerability is discovered by a third party that does not disclose to the
763:
not to behave as expected under certain specific circumstances. Testing for security bugs in hardware is quite difficult due to limited time and the complexity of twenty-first century chips, while the globalization of design and manufacturing has increased the opportunity for these bugs to be
536:
practices as well as design factors such as complexity can increase the burden of vulnerabilities. There are different types most common in different components such as hardware, operating is a process that includes identifying systems and prioritizing which are most important, scanning for
1061:
Even vulnerabilities that are publicly known or patched are often exploitable for an extended period. Security patches can take months to develop, or may never be developed. A patch can have negative effects on the functionality of software and users may need to
991:
are typically unable to detect zero-day vulnerabilities, but are more effective at finding known vulnerabilities based on a database. These systems can find some known vulnerabilities and advise fixes, such as a patch. However, they have limitations including
970:
strategy is used for multiple barriers to attack. Some organizations scan for only the highest-risk vulnerabilities as this enables prioritization in the context of lacking the resources to fix every vulnerability. Increasing expenses is likely to have
1074:
Vulnerabilities become deprecated when the software or vulnerable versions fall out of use. This can take an extended period of time; in particular, industrial software may not be feasible to replace even if the manufacturer stops supporting it.
965:
Successful vulnerability management usually involves a combination of remediation (closing a vulnerability), mitigation (increasing the difficulty, and reducing the consequences, of exploits), and accepting some residual risk. Often a
1000:
running. Software containing dormant and carrier vulnerabilities can sometimes be uninstalled or disabled, removing the risk. Active vulnerabilities, if distinguished from the other types, can be prioritized for patching.
1161:
The software vendor is usually not legally liable for the cost if a vulnerability is used in an attack, which creates an incentive to make cheaper but less secure software. Some companies are covered by laws, such as
1108:, or coordinated disclosure). The former approach is praised for its transparency, but the drawback is that the risk of attack is likely to be increased after disclosure with no patch available. Some vendors pay
2185:
Agrafiotis, Ioannis; Nurse, Jason R C; Goldsmith, Michael; Creese, Sadie; Upton, David (2018). "A taxonomy of cyber-harms: Defining the impacts of cyber-attacks and understanding how they propagate".
732:
comes into existence when configuration settings cause risks to the system security, leading to such faults as unpatched software or file system permissions that do not sufficiently restrict access.
892:
is insufficient to reject the injected code. XSS can be persistent, when attackers save the malware in a data field and run it when the data is loaded; it can also be loaded using a malicious
577:
by malicious actors, and the actual risk is dependent on the nature of the vulnerability as well as the value of the surrounding system. Although some vulnerabilities can only be used for
620:
Familiarity: Using common, well-known code, software, operating systems, and/or hardware increases the probability an attacker has or can find the knowledge and tools to exploit the flaw.
1050:
fixed. Government or intelligence agencies buy vulnerabilities that have not been publicly disclosed and may use them in an attack, stockpile them, or notify the vendor. As of 2013, the
1020:
is a common strategy for reducing the harm that a cyberattack can cause. If a patch for third-party software is unavailable, it may be possible to temporarily disable the software.
806:
and allow anyone to contribute, which could enable the introduction of vulnerabilities. However, the same vulnerabilities also occur in proprietary operating systems such as
825:
are downloaded onto the end user's computers and are typically updated less frequently than web applications. Unlike web applications, they interact directly with a user's
1163:
1008:
Vulnerability mitigation is measures that do not close the vulnerability, but make it more difficult to exploit or reduce the consequences of an attack. Reducing the
2548:
681:
is used, rather than the organization's own hardware and software, the organization is dependent on the cloud services provider to prevent vulnerabilities.
512:
3092:
3069:
2497:
2478:
2459:
2440:
2421:
2402:
2383:
2364:
2345:
2326:
2307:
2288:
2264:
2245:
2226:
2175:
1312:
342:
3131:
1126:
1105:
725:
When the system fails to handle and exceptional or unanticipated condition correctly, an attacker can exploit the situation to gain access.
542:
3100:
2031:
1138:
1101:
1089:
1033:
penetration tests are conducted by trained hackers. Many companies prefer to contract out this work as it simulates an outsider attack.
664:
538:
2520:
2541:
739:—when timing or other external factors change the outcome and lead to inconsistent or unpredictable results—can cause a vulnerability.
36:
2026:
541:
or other systems, and added to vulnerability databases. As of 2023, there are more than 20 million vulnerabilities catalogued in the
3032:
2828:
2471:
The
Vulnerability Researcher's Handbook: A comprehensive guide to discovering, reporting, and publishing security vulnerabilities
3082:
1134:
811:
690:
593:, which is necessary for more severe attacks. Without a vulnerability, the exploit cannot gain access. It is also possible for
232:
53:
1133:. As of 2023, it has over 20 million entries. This information is shared into other databases, including the United States'
573:) as well as those that have not been patched are still liable for exploitation. Vulnerabilities vary in their ability to be
505:
2275:
2162:
932:
is similar to CSRF, but the request is forged from the server side and often exploits the enhanced privilege of the server.
2895:
2534:
598:
445:
242:
125:
115:
3136:
152:
140:
3087:
3008:
2808:
1146:
1142:
929:
779:
574:
227:
988:
855:
run on many websites. Because they are inherently less secure than other applications, they are a leading source of
3064:
3022:
2678:
923:
799:
464:
202:
935:
3141:
2925:
2643:
729:
697:
498:
247:
1071:
the patch to find the underlying vulnerability and develop exploits, often faster than users install the patch.
926:(CSRF) is creating client requests that do malicious actions, such as an attacker changing a user's credentials.
2910:
2788:
2683:
952:
833:
Unencrypted data that is in permanent storage or sent over a network is relatively easy for attackers to steal.
423:
382:
352:
302:
822:
718:
vulnerabilities enable an attacker to access a system that is supposed to be restricted to them, or engage in
2357:
This Is How They Tell Me the World Ends: Winner of the FT & McKinsey
Business Book of the Year Award 2021
2298:
Linkov, Igor; Kott, Alexander (2019). "Fundamental
Concepts of Cyber Resilience: Introduction and Overview".
2998:
2950:
2613:
1017:
614:
162:
3126:
1333:
1114:
417:
3039:
2773:
1150:
754:
678:
836:
3059:
2971:
2920:
2865:
2733:
2706:
2688:
2653:
2586:
2557:
2257:
Asset Attack
Vectors: Building Effective Vulnerability Management Strategies to Protect Organizations
1088:
A commonly used scale for assessing the severity of vulnerabilities is the open-source specification
873:
787:
719:
651:
624:
590:
570:
533:
435:
377:
297:
2843:
2618:
2576:
1338:
972:
897:
859:
and other security incidents. Common types of vulnerabilities found in these applications include:
412:
237:
147:
3027:
2955:
2860:
2164:
Zero Days, Thousands of Nights: The Life and Times of Zero-Day
Vulnerabilities and Their Exploits
760:
705:
557:
Despite developers' goal of delivering a product that works entirely as intended, virtually all
3075:
2833:
2768:
2718:
2665:
2623:
2571:
2493:
2474:
2455:
2436:
2417:
2398:
2379:
2360:
2341:
2322:
2303:
2284:
2260:
2241:
2222:
2202:
2171:
1308:
1130:
913:
807:
578:
407:
370:
337:
3044:
2984:
2748:
2738:
2633:
2194:
1068:
1063:
1029:
967:
907:
852:
840:
826:
783:
773:
387:
88:
2935:
2915:
2638:
2628:
701:
656:
634:
630:
167:
58:
27:
3105:
3003:
2853:
2803:
2778:
2743:
2723:
2603:
2591:
1171:
1153:
products. Submitting a CVE is voluntary for companies that discovered a vulnerability.
1041:
1009:
993:
984:
959:
939:
889:
877:
863:
759:
Deliberate security bugs can be introduced during or after manufacturing and cause the
736:
715:
709:
674:
582:
566:
476:
307:
260:
190:
71:
48:
693:
classifies vulnerabilities into eight root causes that may be overlapping, including:
3120:
3015:
2976:
2945:
2940:
2793:
2783:
2753:
903:
867:
569:
are often released to fix identified vulnerabilities, but those that remain unknown (
558:
312:
207:
104:
916:
is a form of code injection where the attacker places the malware in data fields or
870:
failures enable attackers to access data that should be restricted to trusted users.
623:
Connectivity: any system connected to the internet can be accessed and compromised.
613:
Complexity: Large, complex systems increase the probability of flaws and unintended
609:
Fundamental design factors that can increase the burden of vulnerabilities include:
589:), without the user being aware of it. Only a minority of vulnerabilities allow for
3049:
2905:
2608:
2376:
Trusted
Digital Circuits: Hardware Trojan Vulnerabilities, Prevention and Detection
2214:
667:
tools that can be used as part of code reviews and may find some vulnerabilities.
562:
400:
267:
220:
75:
2989:
2823:
2798:
2763:
2598:
1055:
1016:(administrator) access, and closing off opportunities for exploits to engage in
856:
803:
791:
660:
601:
or implants the malware in legitimate software that is downloaded deliberately.
565:
contains bugs. If a bug creates a security risk, it is called a vulnerability.
528:
are flaws in a computer system that weaken the overall security of the system.
470:
357:
94:
2319:
Practical
Vulnerability Management: A Strategic Approach to Managing Cyber Risk
790:
bugs that enable the attacker to gain more access than they should be allowed.
3054:
2870:
2818:
2701:
2581:
2433:
Why Don't We Defend Better?: Data
Breaches, Risk Management, and Public Policy
1109:
881:
637:
is at increased risk, but upgrading often is prohibitive in terms of cost and
327:
322:
99:
2206:
2930:
2885:
2880:
2728:
2696:
2198:
1051:
1013:
347:
197:
177:
82:
43:
2452:
Targeted Cyber
Attacks: Multi-staged Attacks Driven by Exploits and Malware
1332:. The COAST Laboratory Department of Computer Sciences, Purdue University.
2515:
1117:, often considered the most dangerous type because fewer defenses exist.
627:
is one truly effective measure against attacks, but it is rarely feasible.
2890:
2848:
2711:
638:
441:
172:
120:
896:
link (reflected XSS). Attackers can also insert malicious code into the
814:. All reputable vendors of operating systems provide patches regularly.
712:
is not sufficient to prevent the attacker from injecting malicious code.
2900:
2875:
2838:
2526:
917:
885:
594:
586:
429:
317:
292:
285:
157:
2813:
2758:
2673:
670:
483:
332:
272:
110:
1961:
1959:
1149:. CVE and other databases typically do not track vulnerabilities in
938:
occurs when programmers do not consider unexpected cases arising in
1100:
Someone who discovers a vulnerability may disclose it immediately (
597:
to be installed directly, without an exploit, if the attacker uses
1167:
1040:
795:
2238:
Mobile OS Vulnerabilities: Quantitative and
Qualitative Analysis
1624:
1622:
983:
Remediation fixes vulnerabilities, for example by downloading a
2530:
2277:
The Defender’s Dilemma: Charting a Course Toward Cybersecurity
2089:
2087:
893:
1816:
1814:
1741:
1739:
1697:
1695:
1693:
1174:, that place legal requirements on vulnerability management.
2652:
2414:
Introduction to Cybersecurity: A Multidisciplinary Challenge
1464:
1462:
1460:
1447:
1445:
920:. The attacker might be able to take over the entire server.
1922:
1920:
1918:
1916:
1307:. Morgan Kaufmann Publications. Elsevier Inc. p. 393.
1202:
1200:
1198:
677:
by paring down dependencies to only what is necessary. If
829:. Common vulnerabilities in these applications include:
1855:
1853:
1581:
1579:
1577:
1575:
1573:
1548:
1546:
1544:
1542:
1529:
1527:
1525:
1303:
Kakareka, Almantas (2009). "23". In Vacca, John (ed.).
1137:, where each vulnerability is given a risk score using
2274:
Libicki, Martin C.; Ablon, Lillian; Webb, Tim (2015).
2116:
2114:
1714:
1712:
1710:
2488:
Tjoa, Simon; Gafić, Melisa; Kieseberg, Peter (2024).
2302:. Springer International Publishing. pp. 1–25.
2964:
2664:
2564:
2395:
PCI DSS: An Integrated Data Security Standard Guide
581:attacks, more dangerous ones allow the attacker to
1609:
2219:Big Breaches: Cybersecurity Lessons for Everyone
2066:
1965:
1950:
1895:
1871:
1125:The most commonly used vulnerability dataset is
1242:
1218:
839:occurs when an attacker takes over an existing
685:National Vulnerability Database classification
2542:
506:
8:
2144:
2093:
2054:
2013:
1832:
1820:
1805:
1769:
1757:
1745:
1730:
1701:
1684:
1628:
1564:
1424:
1412:
1400:
1388:
1364:
1290:
1278:
1266:
1254:
1104:) or wait until a patch has been developed (
1012:, particularly for parts of the system with
663:can lead to missed bugs, but there are also
2132:
2027:"Ask an Ethicist: Vulnerability Disclosure"
1907:
1656:
1640:
1504:
1468:
1451:
1436:
1206:
1189:
2549:
2535:
2527:
2431:Sloan, Robert H.; Warner, Richard (2019).
1926:
1352:
1305:Computer and Information Security Handbook
513:
499:
18:
3093:Security information and event management
1793:
1781:
1672:
1337:
16:Exploitable weakness in a computer system
2300:Cyber Resilience of Systems and Networks
1883:
2255:Haber, Morey J.; Hibbert, Brad (2018).
1492:
1480:
1182:
625:Disconnecting systems from the internet
26:
2450:Sood, Aditya; Enbody, Richard (2014).
2120:
2105:
2078:
2001:
1989:
1977:
1938:
1859:
1844:
1718:
1597:
1585:
1552:
1533:
1376:
1230:
3070:Host-based intrusion detection system
2236:Garg, Shivi; Baliyan, Niyati (2023).
2161:Ablon, Lillian; Bogart, Andy (2017).
1516:
1113:vendor or the public, it is called a
1079:Assessment, disclosure, and inventory
7:
1127:Common Vulnerabilities and Exposures
910:to gain unauthorized access to data.
543:Common Vulnerabilities and Exposures
3101:Runtime application self-protection
2034:'s Committee on Professional Ethics
2032:Association for Computing Machinery
1139:Common Vulnerability Scoring System
1090:Common Vulnerability Scoring System
539:Common Vulnerability Scoring System
233:forensics-focused operating systems
2338:Zero Day: The Threat In Cyberspace
14:
3033:Security-focused operating system
2829:Insecure direct object reference
2514:
1067:is released. Cybercriminals can
780:operating system vulnerabilities
774:Operating system § Security
764:introduced by malicious actors.
3083:Information security management
1135:National Vulnerability Database
989:Software vulnerability scanners
906:and similar attacks manipulate
691:National Vulnerability Database
585:and run their own code (called
54:Hacking of consumer electronics
2067:Libicki, Ablon & Webb 2015
1966:Libicki, Ablon & Webb 2015
1951:Libicki, Ablon & Webb 2015
1896:Libicki, Ablon & Webb 2015
1872:Libicki, Ablon & Webb 2015
1330:Technical Report CSD-TR-97-026
1328:Krsul, Ivan (April 15, 1997).
1:
2490:Cyber Resilience Fundamentals
708:) vulnerabilities occur when
936:Business logic vulnerability
786:in use, a common problem is
744:Vulnerabilities by component
730:configuration vulnerability
153:Chaos Communication Congress
3132:Hacking (computer security)
3088:Information risk management
3009:Multi-factor authentication
2565:Related security categories
1243:Daswani & Elbayadi 2021
1219:Daswani & Elbayadi 2021
1147:Common Weakness Enumeration
1143:Common Platform Enumeration
930:Server-side request forgery
876:(XSS) enables attackers to
3158:
3065:Intrusion detection system
3023:Computer security software
2679:Advanced persistent threat
2317:Magnusson, Andrew (2020).
2217:; Elbayadi, Moudy (2021).
950:
924:Cross-site request forgery
823:Client–server applications
818:Client–server applications
794:operating systems such as
771:
752:
465:2600: The Hacker Quarterly
203:List of computer criminals
2650:
2644:Digital rights management
2521:Vulnerability (computing)
2469:Strout, Benjamin (2023).
2359:. Bloomsbury Publishing.
2355:Perlroth, Nicole (2021).
2336:O'Harrow, Robert (2013).
802:have a freely accessible
2789:Denial-of-service attack
2684:Arbitrary code execution
2374:Salmani, Hassan (2018).
2187:Journal of Cybersecurity
2145:Haber & Hibbert 2018
2094:Haber & Hibbert 2018
2014:Haber & Hibbert 2018
1833:Haber & Hibbert 2018
1821:Haber & Hibbert 2018
1806:Haber & Hibbert 2018
1770:Haber & Hibbert 2018
1758:Haber & Hibbert 2018
1746:Haber & Hibbert 2018
1731:Haber & Hibbert 2018
1702:Haber & Hibbert 2018
1685:Haber & Hibbert 2018
1629:Haber & Hibbert 2018
1565:Haber & Hibbert 2018
1425:Haber & Hibbert 2018
1413:Haber & Hibbert 2018
1401:Haber & Hibbert 2018
1389:Haber & Hibbert 2018
1365:Haber & Hibbert 2018
1291:Haber & Hibbert 2018
1279:Haber & Hibbert 2018
1267:Haber & Hibbert 2018
1255:Haber & Hibbert 2018
953:Vulnerability management
383:Cloud computing security
2999:Computer access control
2951:Rogue security software
2614:Electromagnetic warfare
2133:Sloan & Warner 2019
1908:Ablon & Bogart 2017
1505:Garg & Baliyan 2023
1469:Garg & Baliyan 2023
1452:Garg & Baliyan 2023
1437:Garg & Baliyan 2023
1207:Ablon & Bogart 2017
1190:Ablon & Bogart 2017
1121:Vulnerability inventory
1037:Vulnerability lifecycle
812:Apple operating systems
163:Hackers on Planet Earth
3045:Obfuscation (software)
2774:Browser Helper Objects
2658:
1927:Sood & Enbody 2014
1353:Linkov & Kott 2019
1115:zero-day vulnerability
1106:responsible disclosure
1046:
1045:Vulnerability timeline
1018:privilege exploitation
782:vary depending on the
418:Homebrew Computer Club
3040:Data-centric security
2921:Remote access trojans
2656:
2412:Sharp, Robin (2024).
2199:10.1093/cybsec/tyy006
1151:software as a service
1129:(CVE), maintained by
1044:
755:Hardware security bug
679:software as a service
2972:Application security
2866:Privilege escalation
2734:Cross-site scripting
2587:Cybersex trafficking
2558:Information security
2523:at Wikimedia Commons
2473:. Packt Publishing.
2393:Seaman, Jim (2020).
2283:. Rand Corporation.
2170:. Rand Corporation.
874:Cross-site scripting
788:privilege escalation
720:privilege escalation
665:static code analysis
652:software development
591:privilege escalation
534:software development
436:Masters of Deception
378:Application security
3137:Security compliance
2619:Information warfare
2577:Automotive security
2492:. Springer Nature.
2416:. Springer Nature.
2340:. Diversion Books.
2321:. No Starch Press.
2135:, pp. 104–105.
1687:, pp. 166–167.
1427:, pp. 135–137.
973:diminishing returns
898:domain object model
646:Development factors
413:Chaos Computer Club
148:Black Hat Briefings
22:Part of a series on
3028:Antivirus software
2896:Social engineering
2861:Polymorphic engine
2814:Fraudulent dialers
2719:Hardware backdoors
2659:
1898:, pp. 44, 46.
1663:, pp. 68, 70.
1145:(CPE) scheme, and
1047:
761:integrated circuit
706:boundary condition
599:social engineering
243:Social engineering
3114:
3113:
3076:Anomaly detection
2981:Secure by default
2834:Keystroke loggers
2769:Drive-by download
2657:vectorial version
2624:Internet security
2572:Computer security
2519:Media related to
2499:978-3-031-52064-8
2480:978-1-80324-356-6
2461:978-0-12-800619-1
2442:978-1-351-12729-5
2423:978-3-031-41463-3
2404:978-1-4842-5808-8
2385:978-3-319-79081-7
2366:978-1-5266-2983-8
2347:978-1-938120-76-3
2328:978-1-59327-989-9
2309:978-3-319-77492-3
2290:978-0-8330-8911-3
2266:978-1-4842-3627-7
2247:978-1-000-92451-0
2228:978-1-4842-6654-0
2177:978-0-8330-9761-3
2016:, pp. 73–74.
1968:, pp. 49–50.
1772:, pp. 84–85.
1733:, pp. 12–13.
1631:, pp. 97–98.
1600:, pp. 14–15.
1507:, pp. 20–25.
1439:, pp. 17–18.
1314:978-0-12-374354-1
1293:, pp. 13–14.
1245:, pp. 26–27.
1233:, pp. 47–48.
1131:Mitre Corporation
914:Command injection
837:Process hijacking
808:Microsoft Windows
579:denial of service
523:
522:
371:Computer security
338:Keystroke logging
3149:
3142:Software testing
2985:Secure by design
2916:Hardware Trojans
2749:History sniffing
2739:Cross-site leaks
2634:Network security
2551:
2544:
2537:
2528:
2518:
2503:
2484:
2465:
2446:
2427:
2408:
2389:
2370:
2351:
2332:
2313:
2294:
2282:
2270:
2251:
2232:
2210:
2181:
2169:
2148:
2142:
2136:
2130:
2124:
2118:
2109:
2103:
2097:
2091:
2082:
2076:
2070:
2064:
2058:
2052:
2046:
2045:
2043:
2041:
2023:
2017:
2011:
2005:
1999:
1993:
1987:
1981:
1975:
1969:
1963:
1954:
1948:
1942:
1936:
1930:
1924:
1911:
1905:
1899:
1893:
1887:
1881:
1875:
1869:
1863:
1857:
1848:
1842:
1836:
1830:
1824:
1818:
1809:
1803:
1797:
1791:
1785:
1779:
1773:
1767:
1761:
1755:
1749:
1743:
1734:
1728:
1722:
1716:
1705:
1699:
1688:
1682:
1676:
1670:
1664:
1654:
1648:
1638:
1632:
1626:
1617:
1607:
1601:
1595:
1589:
1583:
1568:
1562:
1556:
1550:
1537:
1531:
1520:
1514:
1508:
1502:
1496:
1490:
1484:
1478:
1472:
1466:
1455:
1449:
1440:
1434:
1428:
1422:
1416:
1410:
1404:
1398:
1392:
1386:
1380:
1374:
1368:
1362:
1356:
1350:
1344:
1343:
1341:
1325:
1319:
1318:
1300:
1294:
1288:
1282:
1276:
1270:
1264:
1258:
1252:
1246:
1240:
1234:
1228:
1222:
1216:
1210:
1204:
1193:
1187:
1069:reverse engineer
1030:penetration test
968:defense in depth
908:database queries
853:Web applications
848:Web applications
841:computer process
827:operating system
784:operating system
768:Operating system
698:Input validation
567:Software patches
545:(CVE) database.
515:
508:
501:
388:Network security
89:Hacker Manifesto
28:Computer hacking
19:
3157:
3156:
3152:
3151:
3150:
3148:
3147:
3146:
3117:
3116:
3115:
3110:
2960:
2660:
2648:
2639:Copy protection
2629:Mobile security
2560:
2555:
2511:
2506:
2500:
2487:
2481:
2468:
2462:
2449:
2443:
2430:
2424:
2411:
2405:
2392:
2386:
2373:
2367:
2354:
2348:
2335:
2329:
2316:
2310:
2297:
2291:
2280:
2273:
2267:
2254:
2248:
2235:
2229:
2213:
2184:
2178:
2167:
2160:
2156:
2151:
2143:
2139:
2131:
2127:
2119:
2112:
2104:
2100:
2092:
2085:
2077:
2073:
2065:
2061:
2053:
2049:
2039:
2037:
2025:
2024:
2020:
2012:
2008:
2004:, pp. 5–6.
2000:
1996:
1988:
1984:
1976:
1972:
1964:
1957:
1949:
1945:
1937:
1933:
1925:
1914:
1906:
1902:
1894:
1890:
1882:
1878:
1870:
1866:
1858:
1851:
1843:
1839:
1831:
1827:
1819:
1812:
1804:
1800:
1792:
1788:
1780:
1776:
1768:
1764:
1756:
1752:
1744:
1737:
1729:
1725:
1717:
1708:
1700:
1691:
1683:
1679:
1671:
1667:
1655:
1651:
1639:
1635:
1627:
1620:
1608:
1604:
1596:
1592:
1584:
1571:
1563:
1559:
1551:
1540:
1532:
1523:
1515:
1511:
1503:
1499:
1491:
1487:
1479:
1475:
1467:
1458:
1450:
1443:
1435:
1431:
1423:
1419:
1411:
1407:
1399:
1395:
1387:
1383:
1375:
1371:
1363:
1359:
1351:
1347:
1327:
1326:
1322:
1315:
1302:
1301:
1297:
1289:
1285:
1277:
1273:
1265:
1261:
1257:, pp. 5–6.
1253:
1249:
1241:
1237:
1229:
1225:
1217:
1213:
1205:
1196:
1188:
1184:
1180:
1159:
1123:
1102:full disclosure
1098:
1086:
1081:
1039:
1026:
1006:
994:false positives
981:
955:
949:
850:
820:
776:
770:
757:
751:
746:
702:buffer overflow
687:
657:company culture
648:
631:Legacy software
607:
555:
526:Vulnerabilities
519:
490:
489:
459:
451:
450:
403:
393:
392:
373:
363:
362:
288:
278:
277:
263:
253:
252:
223:
213:
212:
193:
183:
182:
168:Security BSides
143:
133:
132:
78:
64:
63:
59:List of hackers
39:
17:
12:
11:
5:
3155:
3153:
3145:
3144:
3139:
3134:
3129:
3119:
3118:
3112:
3111:
3109:
3108:
3106:Site isolation
3103:
3098:
3097:
3096:
3090:
3080:
3079:
3078:
3073:
3062:
3057:
3052:
3047:
3042:
3037:
3036:
3035:
3030:
3020:
3019:
3018:
3013:
3012:
3011:
3004:Authentication
2996:
2995:
2994:
2993:
2992:
2982:
2979:
2968:
2966:
2962:
2961:
2959:
2958:
2953:
2948:
2943:
2938:
2933:
2928:
2923:
2918:
2913:
2908:
2903:
2898:
2893:
2888:
2883:
2878:
2873:
2868:
2863:
2858:
2857:
2856:
2846:
2841:
2836:
2831:
2826:
2821:
2816:
2811:
2806:
2804:Email spoofing
2801:
2796:
2791:
2786:
2781:
2776:
2771:
2766:
2761:
2756:
2751:
2746:
2744:DOM clobbering
2741:
2736:
2731:
2726:
2724:Code injection
2721:
2716:
2715:
2714:
2709:
2704:
2699:
2691:
2686:
2681:
2676:
2670:
2668:
2662:
2661:
2651:
2649:
2647:
2646:
2641:
2636:
2631:
2626:
2621:
2616:
2611:
2606:
2604:Cyberterrorism
2601:
2596:
2595:
2594:
2592:Computer fraud
2589:
2579:
2574:
2568:
2566:
2562:
2561:
2556:
2554:
2553:
2546:
2539:
2531:
2525:
2524:
2510:
2509:External links
2507:
2505:
2504:
2498:
2485:
2479:
2466:
2460:
2447:
2441:
2428:
2422:
2409:
2403:
2390:
2384:
2371:
2365:
2352:
2346:
2333:
2327:
2314:
2308:
2295:
2289:
2271:
2265:
2252:
2246:
2233:
2227:
2211:
2182:
2176:
2157:
2155:
2152:
2150:
2149:
2147:, p. 111.
2137:
2125:
2110:
2098:
2096:, p. 110.
2083:
2071:
2059:
2047:
2036:. 17 July 2018
2018:
2006:
1994:
1982:
1970:
1955:
1943:
1931:
1912:
1900:
1888:
1886:, p. 145.
1876:
1864:
1849:
1837:
1825:
1810:
1798:
1794:Magnusson 2020
1786:
1782:Magnusson 2020
1774:
1762:
1750:
1735:
1723:
1706:
1689:
1677:
1673:Magnusson 2020
1665:
1649:
1633:
1618:
1602:
1590:
1569:
1567:, p. 129.
1557:
1538:
1521:
1519:, p. 271.
1509:
1497:
1485:
1473:
1456:
1441:
1429:
1417:
1415:, p. 142.
1405:
1403:, p. 141.
1393:
1391:, p. 143.
1381:
1369:
1367:, p. 155.
1357:
1345:
1339:10.1.1.26.5435
1320:
1313:
1295:
1283:
1271:
1259:
1247:
1235:
1223:
1211:
1194:
1181:
1179:
1176:
1172:Sarbanes-Oxley
1158:
1155:
1122:
1119:
1097:
1094:
1085:
1082:
1080:
1077:
1038:
1035:
1025:
1022:
1010:attack surface
1005:
1002:
985:software patch
980:
977:
960:attack surface
951:Main article:
948:
945:
944:
943:
940:business logic
933:
927:
921:
911:
901:
890:input checking
871:
864:Authentication
849:
846:
845:
844:
834:
819:
816:
769:
766:
753:Main article:
750:
747:
745:
742:
741:
740:
737:race condition
733:
726:
723:
716:Access control
713:
710:input checking
686:
683:
675:attack surface
647:
644:
643:
642:
628:
621:
618:
606:
605:Design factors
603:
554:
551:
521:
520:
518:
517:
510:
503:
495:
492:
491:
488:
487:
480:
477:Nuts and Volts
473:
468:
460:
457:
456:
453:
452:
449:
448:
439:
433:
427:
424:Legion of Doom
421:
415:
410:
404:
399:
398:
395:
394:
391:
390:
385:
380:
374:
369:
368:
365:
364:
361:
360:
355:
350:
345:
340:
335:
330:
325:
320:
315:
310:
305:
300:
295:
289:
284:
283:
280:
279:
276:
275:
270:
264:
261:Practice sites
259:
258:
255:
254:
251:
250:
245:
240:
235:
230:
224:
219:
218:
215:
214:
211:
210:
205:
200:
194:
191:Computer crime
189:
188:
185:
184:
181:
180:
175:
170:
165:
160:
155:
150:
144:
139:
138:
135:
134:
131:
130:
129:
128:
123:
118:
107:
102:
97:
92:
85:
79:
72:Hacker culture
70:
69:
66:
65:
62:
61:
56:
51:
49:Cryptovirology
46:
40:
35:
34:
31:
30:
24:
23:
15:
13:
10:
9:
6:
4:
3:
2:
3154:
3143:
3140:
3138:
3135:
3133:
3130:
3128:
3127:Vulnerability
3125:
3124:
3122:
3107:
3104:
3102:
3099:
3094:
3091:
3089:
3086:
3085:
3084:
3081:
3077:
3074:
3071:
3068:
3067:
3066:
3063:
3061:
3058:
3056:
3053:
3051:
3048:
3046:
3043:
3041:
3038:
3034:
3031:
3029:
3026:
3025:
3024:
3021:
3017:
3016:Authorization
3014:
3010:
3007:
3006:
3005:
3002:
3001:
3000:
2997:
2991:
2988:
2987:
2986:
2983:
2980:
2978:
2977:Secure coding
2975:
2974:
2973:
2970:
2969:
2967:
2963:
2957:
2954:
2952:
2949:
2947:
2946:SQL injection
2944:
2942:
2939:
2937:
2934:
2932:
2929:
2927:
2926:Vulnerability
2924:
2922:
2919:
2917:
2914:
2912:
2911:Trojan horses
2909:
2907:
2906:Software bugs
2904:
2902:
2899:
2897:
2894:
2892:
2889:
2887:
2884:
2882:
2879:
2877:
2874:
2872:
2869:
2867:
2864:
2862:
2859:
2855:
2852:
2851:
2850:
2847:
2845:
2842:
2840:
2837:
2835:
2832:
2830:
2827:
2825:
2822:
2820:
2817:
2815:
2812:
2810:
2807:
2805:
2802:
2800:
2797:
2795:
2794:Eavesdropping
2792:
2790:
2787:
2785:
2784:Data scraping
2782:
2780:
2777:
2775:
2772:
2770:
2767:
2765:
2762:
2760:
2757:
2755:
2754:Cryptojacking
2752:
2750:
2747:
2745:
2742:
2740:
2737:
2735:
2732:
2730:
2727:
2725:
2722:
2720:
2717:
2713:
2710:
2708:
2705:
2703:
2700:
2698:
2695:
2694:
2692:
2690:
2687:
2685:
2682:
2680:
2677:
2675:
2672:
2671:
2669:
2667:
2663:
2655:
2645:
2642:
2640:
2637:
2635:
2632:
2630:
2627:
2625:
2622:
2620:
2617:
2615:
2612:
2610:
2607:
2605:
2602:
2600:
2597:
2593:
2590:
2588:
2585:
2584:
2583:
2580:
2578:
2575:
2573:
2570:
2569:
2567:
2563:
2559:
2552:
2547:
2545:
2540:
2538:
2533:
2532:
2529:
2522:
2517:
2513:
2512:
2508:
2501:
2495:
2491:
2486:
2482:
2476:
2472:
2467:
2463:
2457:
2453:
2448:
2444:
2438:
2435:. CRC Press.
2434:
2429:
2425:
2419:
2415:
2410:
2406:
2400:
2396:
2391:
2387:
2381:
2377:
2372:
2368:
2362:
2358:
2353:
2349:
2343:
2339:
2334:
2330:
2324:
2320:
2315:
2311:
2305:
2301:
2296:
2292:
2286:
2279:
2278:
2272:
2268:
2262:
2258:
2253:
2249:
2243:
2240:. CRC Press.
2239:
2234:
2230:
2224:
2220:
2216:
2215:Daswani, Neil
2212:
2208:
2204:
2200:
2196:
2192:
2188:
2183:
2179:
2173:
2166:
2165:
2159:
2158:
2153:
2146:
2141:
2138:
2134:
2129:
2126:
2122:
2117:
2115:
2111:
2108:, p. 22.
2107:
2102:
2099:
2095:
2090:
2088:
2084:
2081:, p. 36.
2080:
2075:
2072:
2069:, p. 45.
2068:
2063:
2060:
2057:, p. 18.
2056:
2055:O'Harrow 2013
2051:
2048:
2035:
2033:
2028:
2022:
2019:
2015:
2010:
2007:
2003:
1998:
1995:
1992:, p. 19.
1991:
1986:
1983:
1980:, p. 28.
1979:
1974:
1971:
1967:
1962:
1960:
1956:
1953:, p. 50.
1952:
1947:
1944:
1941:, p. 26.
1940:
1935:
1932:
1929:, p. 42.
1928:
1923:
1921:
1919:
1917:
1913:
1909:
1904:
1901:
1897:
1892:
1889:
1885:
1884:Perlroth 2021
1880:
1877:
1874:, p. 44.
1873:
1868:
1865:
1862:, p. 18.
1861:
1856:
1854:
1850:
1847:, p. 16.
1846:
1841:
1838:
1835:, p. 94.
1834:
1829:
1826:
1823:, p. 96.
1822:
1817:
1815:
1811:
1808:, p. 93.
1807:
1802:
1799:
1796:, p. 33.
1795:
1790:
1787:
1784:, p. 32.
1783:
1778:
1775:
1771:
1766:
1763:
1760:, p. 85.
1759:
1754:
1751:
1748:, p. 84.
1747:
1742:
1740:
1736:
1732:
1727:
1724:
1720:
1715:
1713:
1711:
1707:
1704:, p. 11.
1703:
1698:
1696:
1694:
1690:
1686:
1681:
1678:
1675:, p. 34.
1674:
1669:
1666:
1662:
1660:
1653:
1650:
1647:, p. 63.
1646:
1644:
1637:
1634:
1630:
1625:
1623:
1619:
1615:
1613:
1606:
1603:
1599:
1594:
1591:
1588:, p. 14.
1587:
1582:
1580:
1578:
1576:
1574:
1570:
1566:
1561:
1558:
1555:, p. 13.
1554:
1549:
1547:
1545:
1543:
1539:
1536:, p. 15.
1535:
1530:
1528:
1526:
1522:
1518:
1513:
1510:
1506:
1501:
1498:
1495:, p. 11.
1494:
1489:
1486:
1482:
1477:
1474:
1471:, p. 18.
1470:
1465:
1463:
1461:
1457:
1454:, p. 17.
1453:
1448:
1446:
1442:
1438:
1433:
1430:
1426:
1421:
1418:
1414:
1409:
1406:
1402:
1397:
1394:
1390:
1385:
1382:
1379:, p. 17.
1378:
1373:
1370:
1366:
1361:
1358:
1354:
1349:
1346:
1340:
1335:
1331:
1324:
1321:
1316:
1310:
1306:
1299:
1296:
1292:
1287:
1284:
1281:, p. 10.
1280:
1275:
1272:
1268:
1263:
1260:
1256:
1251:
1248:
1244:
1239:
1236:
1232:
1227:
1224:
1221:, p. 25.
1220:
1215:
1212:
1208:
1203:
1201:
1199:
1195:
1191:
1186:
1183:
1177:
1175:
1173:
1169:
1165:
1156:
1154:
1152:
1148:
1144:
1140:
1136:
1132:
1128:
1120:
1118:
1116:
1111:
1107:
1103:
1095:
1093:
1091:
1083:
1078:
1076:
1072:
1070:
1065:
1059:
1057:
1053:
1043:
1036:
1034:
1031:
1023:
1021:
1019:
1015:
1011:
1003:
1001:
997:
995:
990:
986:
978:
976:
974:
969:
963:
961:
954:
946:
941:
937:
934:
931:
928:
925:
922:
919:
915:
912:
909:
905:
904:SQL injection
902:
899:
895:
891:
887:
883:
879:
875:
872:
869:
868:authorization
865:
862:
861:
860:
858:
857:data breaches
854:
847:
842:
838:
835:
832:
831:
830:
828:
824:
817:
815:
813:
809:
805:
801:
797:
793:
789:
785:
781:
775:
767:
765:
762:
756:
748:
743:
738:
734:
731:
727:
724:
721:
717:
714:
711:
707:
703:
699:
696:
695:
694:
692:
684:
682:
680:
676:
672:
668:
666:
662:
658:
653:
645:
640:
636:
632:
629:
626:
622:
619:
616:
615:access points
612:
611:
610:
604:
602:
600:
596:
592:
588:
584:
580:
576:
572:
568:
564:
560:
552:
550:
546:
544:
540:
535:
529:
527:
516:
511:
509:
504:
502:
497:
496:
494:
493:
486:
485:
481:
479:
478:
474:
472:
469:
467:
466:
462:
461:
455:
454:
447:
443:
440:
437:
434:
431:
428:
425:
422:
419:
416:
414:
411:
409:
406:
405:
402:
397:
396:
389:
386:
384:
381:
379:
376:
375:
372:
367:
366:
359:
356:
354:
351:
349:
346:
344:
341:
339:
336:
334:
331:
329:
326:
324:
321:
319:
316:
314:
311:
309:
306:
304:
301:
299:
296:
294:
291:
290:
287:
282:
281:
274:
271:
269:
266:
265:
262:
257:
256:
249:
248:Vulnerability
246:
244:
241:
239:
236:
234:
231:
229:
226:
225:
222:
221:Hacking tools
217:
216:
209:
208:Script kiddie
206:
204:
201:
199:
196:
195:
192:
187:
186:
179:
176:
174:
171:
169:
166:
164:
161:
159:
156:
154:
151:
149:
146:
145:
142:
137:
136:
127:
124:
122:
119:
117:
114:
113:
112:
108:
106:
105:Maker culture
103:
101:
98:
96:
93:
91:
90:
86:
84:
81:
80:
77:
73:
68:
67:
60:
57:
55:
52:
50:
47:
45:
42:
41:
38:
33:
32:
29:
25:
21:
20:
3050:Data masking
2609:Cyberwarfare
2489:
2470:
2454:. Syngress.
2451:
2432:
2413:
2394:
2378:. Springer.
2375:
2356:
2337:
2318:
2299:
2276:
2256:
2237:
2218:
2190:
2186:
2163:
2140:
2128:
2123:, p. 6.
2101:
2074:
2062:
2050:
2038:. Retrieved
2030:
2021:
2009:
1997:
1985:
1973:
1946:
1934:
1910:, p. 8.
1903:
1891:
1879:
1867:
1840:
1828:
1801:
1789:
1777:
1765:
1753:
1726:
1721:, p. 8.
1680:
1668:
1658:
1652:
1642:
1636:
1616:, p. 2.
1611:
1605:
1593:
1560:
1512:
1500:
1493:Salmani 2018
1488:
1483:, p. 1.
1481:Salmani 2018
1476:
1432:
1420:
1408:
1396:
1384:
1372:
1360:
1355:, p. 2.
1348:
1329:
1323:
1304:
1298:
1286:
1274:
1269:, p. 6.
1262:
1250:
1238:
1226:
1214:
1209:, p. 2.
1192:, p. 1.
1185:
1160:
1124:
1110:bug bounties
1099:
1087:
1073:
1060:
1056:exploit kits
1048:
1027:
1007:
998:
982:
964:
956:
851:
821:
777:
758:
688:
669:
661:code reviews
649:
608:
556:
547:
530:
525:
524:
482:
475:
463:
458:Publications
303:Trojan horse
268:HackThisSite
87:
2990:Misuse case
2824:Infostealer
2799:Email fraud
2764:Data breach
2599:Cybergeddon
2121:Strout 2023
2106:Strout 2023
2079:Strout 2023
2002:Strout 2023
1990:Strout 2023
1978:Strout 2023
1939:Strout 2023
1860:Strout 2023
1845:Strout 2023
1719:Strout 2023
1610:Agrafiotis
1598:Strout 2023
1586:Strout 2023
1553:Strout 2023
1534:Strout 2023
1377:Strout 2023
1231:Seaman 2020
979:Remediation
804:source code
792:Open-source
700:(including
471:Hacker News
358:Infostealer
141:Conferences
95:Hackerspace
3121:Categories
3055:Encryption
2931:Web shells
2871:Ransomware
2819:Hacktivism
2582:Cybercrime
2397:. Apress.
2259:. Apress.
2221:. Apress.
1517:Sharp 2024
1178:References
1096:Disclosure
1084:Assessment
1004:Mitigation
947:Management
882:JavaScript
772:See also:
328:Logic bomb
323:Ransomware
100:Hacktivism
2886:Shellcode
2881:Scareware
2729:Crimeware
2689:Backdoors
2207:2057-2085
1334:CiteSeerX
1157:Liability
1052:Five Eyes
918:processes
778:Although
575:exploited
571:zero days
532:Insecure
446:Blue team
438:(defunct)
432:(defunct)
426:(defunct)
420:(defunct)
408:Anonymous
348:Web shell
198:Crimeware
178:Summercon
126:White hat
116:Black hat
109:Types of
83:Hackathon
44:Phreaking
3060:Firewall
2965:Defenses
2891:Spamming
2876:Rootkits
2849:Phishing
2809:Exploits
1141:(CVSS),
880:and run
749:Hardware
639:downtime
635:hardware
563:hardware
559:software
442:Red team
298:Backdoor
173:ShmooCon
121:Grey hat
2901:Spyware
2844:Payload
2839:Malware
2779:Viruses
2759:Botnets
2666:Threats
2154:Sources
1024:Testing
886:malware
884:-based
800:Android
595:malware
587:malware
430:LulzSec
318:Spyware
293:Rootkit
286:Malware
238:Payload
228:Exploit
158:DEF CON
111:hackers
37:History
3095:(SIEM)
3072:(HIDS)
2956:Zombie
2693:Bombs
2674:Adware
2496:
2477:
2458:
2439:
2420:
2401:
2382:
2363:
2344:
2325:
2306:
2287:
2263:
2244:
2225:
2205:
2174:
1659:et al.
1643:et al.
1612:et al.
1336:
1311:
1170:, and
878:inject
671:DevOps
583:inject
553:Causes
484:Phrack
401:Groups
333:Botnet
273:Zone-H
2941:Worms
2936:Wiper
2854:Voice
2702:Logic
2281:(PDF)
2193:(1).
2168:(PDF)
2040:3 May
1657:Tjoa
1641:Tjoa
1168:HIPAA
888:when
796:Linux
650:Some
308:Virus
76:ethic
2707:Time
2697:Fork
2494:ISBN
2475:ISBN
2456:ISBN
2437:ISBN
2418:ISBN
2399:ISBN
2380:ISBN
2361:ISBN
2342:ISBN
2323:ISBN
2304:ISBN
2285:ISBN
2261:ISBN
2242:ISBN
2223:ISBN
2203:ISSN
2172:ISBN
2042:2024
1661:2024
1645:2024
1614:2018
1309:ISBN
1064:test
1014:root
866:and
810:and
798:and
704:and
689:The
633:and
561:and
343:HIDS
313:Worm
74:and
2712:Zip
2195:doi
1164:PCI
1058:.
975:.
962:.
894:URL
353:RCE
3123::
2201:.
2189:.
2113:^
2086:^
2029:.
1958:^
1915:^
1852:^
1813:^
1738:^
1709:^
1692:^
1621:^
1572:^
1541:^
1524:^
1459:^
1444:^
1197:^
1166:,
1028:A
996:.
987:.
735:A
728:A
444:/
2550:e
2543:t
2536:v
2502:.
2483:.
2464:.
2445:.
2426:.
2407:.
2388:.
2369:.
2350:.
2331:.
2312:.
2293:.
2269:.
2250:.
2231:.
2209:.
2197::
2191:4
2180:.
2044:.
1342:.
1317:.
942:.
900:.
843:.
722:.
641:.
617:.
514:e
507:t
500:v
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.