1. Software Security: Building Security;McGraw,2006

2. Andrew Austen, Laurie Williams, One technique is not enough: an empirical comparison of vulnerability discovery techniques, in: International Symposium on Empirical Software Engineering and Measurement, 2011, pp. 97–106.

3. G. Stoneburner, A. Goguen, A. Feringa, Risk management guide for information security systems. NIST Special Publication 800-30. July 2002. .

4. D. Allan, Web application security: automated scanning versus manual penetration testing, IBM Rational Software, Somers, White Paper, 2008.

5. Static analysis for security;Chess;IEEE Security and Privacy,2004