www-project-ai-testing-guide/Document/content/References.md
Marco Morana 5fef43e31f Update References.md
Added ref [23] to PJI taxonomy
2025-07-09 09:55:52 -04:00


References

[1] National Institute of Standards and Technology (NIST). Artificial Intelligence Risk Management Framework (AI RMF 1.0). NIST Special Publication 1270. Gaithersburg, MD: U.S. Department of Commerce, January 2023. Available from https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.1270.pdf
[2] International Organization for Standardization. ISO/IEC 42001:2022 Information technology, Artificial intelligence, Management system, Requirements. Geneva: ISO, 2022. Available from https://www.iso.org/standard/81230.html
[3] OWASP Foundation. OWASP Top 10 for Large Language Models (LLMs). OWASP Foundation, 2024. Available from https://owasp.org/www-project-top-ten-llms/
[4] International Organization for Standardization. ISO/IEC 23053:2021 Information Technology, Framework for Artificial Intelligence (AI) Systems Using Machine Learning (ML). Geneva: ISO, 2021. Available from https://www.iso.org/standard/74630.html
[5] OWASP Foundation. OWASP AI Exchange. OWASP Foundation, 2024. Available from https://owasp.org/www-project-ai-exchange/
[6] NIST SP 800-115. National Institute of Standards and Technology (NIST). Technical Guide to Information Security Testing and Assessment. NIST Special Publication 800-115. Gaithersburg, MD: U.S. Department of Commerce, September 2008. Available from https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-115.pdf
[7] Institute for Security and Open Methodologies (ISECOM). OSSTMM 3: The Open Source Security Testing Methodology Manual. ISECOM, 2020. Available from https://www.isecom.org/research/osstmm/
[8] OWASP Foundation. OWASP Web Security Testing Guide (WSTG) 4.2. OWASP Foundation, 2021. Available from https://owasp.org/www-project-web-security-testing-guide/
[9] UcedaVélez, T., & Morana, M. M. (2015). Risk Centric Threat Modeling: Process for Attack Simulation and Threat Analysis. Wiley. ISBN 978-1118810040. Available from https://www.wiley.com/en-us/Risk+Centric+Threat+Modeling%3A+Process+for+Attack+Simulation+and+Threat+Analysis-p-9781118810040
[10] Shostack, A. (2014). Threat Modeling: Designing for Security. Wiley. ISBN 978-1118809990. Available from https://www.wiley.com/en-us/Threat%2BModeling%3A%2BDesigning%2Bfor%2BSecurity-p-9781118809990
[11] MITRE Corporation. (2023). MITRE ATLAS™: Adversarial Threat Landscape for Artificial-Intelligence Systems. Retrieved from https://atlas.mitre.org/
[12] Wuyts, K., & Joosen, W. (2015). LINDDUN privacy threat modeling: A tutorial (CW Reports CW685). Department of Computer Science, KU Leuven. Retrieved from https://linddun.org/publications/
[13] Google. (2023). Secure AI Framework (SAIF): A Conceptual Framework for Secure AI Systems. Retrieved from https://safety.google/cybersecurity-advancements/saif/
[14] OWASP AI Red Teaming Framework. Open Worldwide Application Security Project (OWASP), 2024. Available at: https://owasp.org/www-project-ai-red-teaming/
[15] Lewis, P., Perez, E., Piktus, A., Karpukhin, V., Goyal, N., Küttler, H., … & Riedel, S. (2021). Retrieval-Augmented Generation for Knowledge-Intensive NLP Tasks. In NeurIPS 2021. Available from https://arxiv.org/abs/2005.11401
[16] Angles of Attack Research Group. Securing AI/ML Systems in the Age of Information Warfare. Angles of Attack White Paper, 2024. Available from https://anglesofattack.io/Securing_AIML_Systems_in_IW_Cox.pdf
[17] Scarfone, K., Souppaya, M., Cody, A., & Orebaugh, A. (2008). Technical Guide to Information Security Testing and Assessment (NIST Special Publication 800-115). National Institute of Standards and Technology. Retrieved from https://csrc.nist.gov/publications/detail/sp/800-115/final
[18] Herzog, P., & the Institute for Security and Open Methodologies (ISECOM). (2010). Open Source Security Testing Methodology Manual (OSSTMM), Version 3. ISECOM. Retrieved from https://www.isecom.org/OSSTMM.3.pdf
[19] OWASP Foundation. (2023). OWASP Web Security Testing Guide (WSTG), Version 4.2. Open Worldwide Application Security Project. Retrieved from https://owasp.org/www-project-web-security-testing-guide/
[20] Yu, S. (2023). Cyber Defense Matrix: The Essential Guide to Navigating the Cybersecurity Landscape. Wiley. ISBN: 978-1119895183. Available from: https://www.wiley.com/en-us/Cyber+Defense+Matrix%3A+The+Essential+Guide+to+Navigating+the+Cybersecurity+Landscape-p-9781119895183
[21] OWASP Agentic Security Initiative. (2025, February 17). Agentic AI Threats and Mitigations. OWASP Generative AI Security Project. Retrieved from https://genai.owasp.org/resource/agentic-ai-threats-and-mitigations/
[22] OWASP Agentic Security Initiative. “Multi-Agentic System Threat Modeling Guide v1.0.” OWASP Generative AI Security Project. April 23, 2025. https://genai.owasp.org/resource/multi-agentic-system-threat-modeling-guide-v1-0/
[23] Jim Hoagland et al. "Prompt Injection Taxonomy for AI Applications." Pangea Security, 2024. https://pangea.cloud/securebydesign/aiapp-pi-taxonomy/