www-project-ai-testing-guide/Document/content/References.md
Marco Morana 5fef43e31f Update References.md
Added ref [23] to PJI taxonomy
2025-07-09 09:55:52 -04:00

## References
\[1\] National Institute of Standards and Technology (NIST). Artificial Intelligence Risk Management Framework (AI RMF 1.0). NIST Special Publication 1270\. Gaithersburg, MD: U.S. Department of Commerce, January 2023. Available from [https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.1270.pdf](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.1270.pdf)
\[2\] International Organization for Standardization. ISO/IEC 42001:2022 Information technology, Artificial intelligence, Management system, Requirements. Geneva: ISO, 2022\. Available from [https://www.iso.org/standard/81230.html](https://www.iso.org/standard/81230.html)
\[3\] OWASP Foundation. OWASP Top 10 for Large Language Models (LLMs). OWASP Foundation, 2024\. Available from [https://owasp.org/www-project-top-ten-llms/](https://owasp.org/www-project-top-ten-llms/)
\[4\] International Organization for Standardization. ISO/IEC 23053:2021 Information Technology, Framework for Artificial Intelligence (AI) Systems Using Machine Learning (ML). Geneva: ISO, 2021\. Available from [https://www.iso.org/standard/74630.html](https://www.iso.org/standard/74630.html)
\[5\] OWASP Foundation. OWASP AI Exchange. OWASP Foundation, 2024\. Available from [https://owasp.org/www-project-ai-exchange/](https://owasp.org/www-project-ai-exchange/)
\[6\] NIST SP 800-115. National Institute of Standards and Technology (NIST). Technical Guide to Information Security Testing and Assessment. NIST Special Publication 800-115. Gaithersburg, MD: U.S. Department of Commerce, September 2008\. Available from [https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-115.pdf](https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-115.pdf)
\[7\] Institute for Security and Open Methodologies (ISECOM). OSSTMM 3: The Open Source Security Testing Methodology Manual. ISECOM, 2020\. Available from [https://www.isecom.org/research/osstmm/](https://www.isecom.org/research/osstmm/)
\[8\] OWASP Foundation. OWASP Web Security Testing Guide (WSTG) 4.2. OWASP Foundation, 2021\. Available from [https://owasp.org/www-project-web-security-testing-guide/](https://owasp.org/www-project-web-security-testing-guide/)
\[9\] UcedaVélez, T., & Morana, M. M. (2015). *Risk Centric Threat Modeling: Process for Attack Simulation and Threat Analysis*. Wiley. ISBN 978-1118810040. Available from [https://www.wiley.com/en-us/Risk+Centric+Threat+Modeling%3A+Process+for+Attack+Simulation+and+Threat+Analysis-p-9781118810040](https://www.wiley.com/en-us/Risk+Centric+Threat+Modeling%3A+Process+for+Attack+Simulation+and+Threat+Analysis-p-9781118810040)
\[10\] Shostack, A. (2014). *Threat Modeling: Designing for Security*. Wiley. ISBN 978-1118809990. Available from [https://www.wiley.com/en-us/Threat%2BModeling%3A%2BDesigning%2Bfor%2BSecurity-p-9781118809990](https://www.wiley.com/en-us/Threat%2BModeling%3A%2BDesigning%2Bfor%2BSecurity-p-9781118809990)
\[11\] MITRE Corporation. (2023). *MITRE ATLAS™:* Adversarial Threat Landscape for Artificial-Intelligence Systems. Retrieved from [https://atlas.mitre.org/](https://atlas.mitre.org/)
\[12\] Wuyts, K., & Joosen, W. (2015). LINDDUN privacy threat modeling: A tutorial (CW Reports CW685). Department of Computer Science, KU Leuven. Retrieved from [https://linddun.org/publications/](https://linddun.org/publications/)
\[13\] Google. (2023). *Secure AI Framework (SAIF): A Conceptual Framework for Secure AI Systems*. Retrieved from [https://safety.google/cybersecurity-advancements/saif/](https://safety.google/cybersecurity-advancements/saif/)
\[14\] *OWASP AI Red Teaming Framework*. Open Worldwide Application Security Project (OWASP), 2024\. Available at: [https://owasp.org/www-project-ai-red-teaming/](https://owasp.org/www-project-ai-red-teaming/)
\[15\] Lewis, P., Perez, E., Piktus, A., Karpukhin, V., Goyal, N., Küttler, H., … & Riedel, S. (2021). *Retrieval-Augmented Generation for Knowledge-Intensive NLP Tasks*. In *NeurIPS 2021*. Available from [https://arxiv.org/abs/2005.11401](https://arxiv.org/abs/2005.11401)
\[16\] Angles of Attack Research Group. *Securing AI/ML Systems in the Age of Information Warfare*. Angles of Attack White Paper, 2024\. Available from [https://anglesofattack.io/Securing\_AIML\_Systems\_in\_IW\_Cox.pdf](https://anglesofattack.io/Securing_AIML_Systems_in_IW_Cox.pdf)
\[17\] Scarfone, K., Souppaya, M., Cody, A., & Orebaugh, A. (2008). *Technical Guide to Information Security Testing and Assessment* (NIST Special Publication 800-115). National Institute of Standards and Technology. Retrieved from [https://csrc.nist.gov/publications/detail/sp/800-115/final](https://csrc.nist.gov/publications/detail/sp/800-115/final)
\[18\] Herzog, P., & the Institute for Security and Open Methodologies (ISECOM). (2010). *Open Source Security Testing Methodology Manual (OSSTMM), Version 3*. ISECOM. Retrieved from [https://www.isecom.org/OSSTMM.3.pdf](https://www.isecom.org/OSSTMM.3.pdf)
\[19\] OWASP Foundation. (2023). *OWASP Web Security Testing Guide (WSTG), Version 4.2*. Open Worldwide Application Security Project. Retrieved from [https://owasp.org/www-project-web-security-testing-guide/](https://owasp.org/www-project-web-security-testing-guide/)
\[20\] Yu, S. (2023). *Cyber Defense Matrix: The Essential Guide to Navigating the Cybersecurity Landscape.* Wiley. ISBN: 978-1119895183. Available from: [https://www.wiley.com/en-us/Cyber+Defense+Matrix%3A+The+Essential+Guide+to+Navigating+the+Cybersecurity+Landscape-p-9781119895183](https://www.wiley.com/en-us/Cyber+Defense+Matrix%3A+The+Essential+Guide+to+Navigating+the+Cybersecurity+Landscape-p-9781119895183)
\[21\] OWASP Agentic Security Initiative. (2025, February 17). *Agentic AI Threats and Mitigations*. OWASP Generative AI Security Project. Retrieved from [https://genai.owasp.org/resource/agentic-ai-threats-and-mitigations/](https://genai.owasp.org/resource/agentic-ai-threats-and-mitigations/)
\[22\] OWASP Agentic Security Initiative. “Multi-Agentic System Threat Modeling Guide v1.0.” OWASP Generative AI Security Project. April 23, 2025\. [https://genai.owasp.org/resource/multi-agentic-system-threat-modeling-guide-v1-0/](https://genai.owasp.org/resource/multi-agentic-system-threat-modeling-guide-v1-0/)
\[23\] Jim Hoagland et al. "Prompt Injection Taxonomy for AI Applications." Pangea Security, 2024\. [https://pangea.cloud/securebydesign/aiapp-pi-taxonomy/](https://pangea.cloud/securebydesign/aiapp-pi-taxonomy/)