Source: https://owasp.org/www-pdf-archive//Durkee_OWASP_2015_09_AppSec.pdf