Network Security: Detailed info on Re: Inspecting Code for Security

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security SecProg

[Top] [All Lists]

Re: Inspecting Code for Security

from [Valdis . Kletnieks] Network Security

[Permanent Link]

Subject:	Re: Inspecting Code for Security
Date:	Wed, 22 Sep 2004 11:09:27 -0400

On Tue, 21 Sep 2004 20:57:51 +0200, "Aleksander P. Czarnowski" said:

I would say that the final list of objectives should be business driven,


The truly hard part is that usually the very top item of the list is proclaimed
by somebody very high up the totem pole, and is a variant on:

"We must ship/deploy/whatever by next Thursday or we're screwed..."

Admittedly, it's somewhat off-topic for a "code inspection", but it's really
somewhat pointless to do the inspection if you don't have at least a foggy
idea of what you intend to do if you find a really bad gaping hole.

First Law of Systems Programming: "Never test for error conditions that
you don't know how to handle..."  :)

pgpEx1jamKu1e.pgp
Description: PGP signature

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Inspecting Code for Security, caleb . dods Re: Inspecting Code for Security, George V. Neville-Neil Re: Inspecting Code for Security, Juergen Brauckmann RE: Inspecting Code for Security, Aleksander P. Czarnowski Re: Inspecting Code for Security, Valdis . Kletnieks <= RE: Inspecting Code for Security, Aleksander P. Czarnowski RE: Inspecting Code for Security, Yvan Boily RE: Inspecting Code for Security, Aleksander P. Czarnowski RE: Inspecting Code for Security, Yvan Boily RE: Inspecting Code for Security, Yvan Boily RE: Inspecting Code for Security, Luis Hernandez RE: Inspecting Code for Security, Michael Howard

Previous by Date:	RE: Inspecting Code for Security, Luis Hernandez
Next by Date:	Re: "Selling" a code-audit., Javier Blanque
Previous by Thread:	RE: Inspecting Code for Security, Aleksander P. Czarnowski
Next by Thread:	RE: Inspecting Code for Security, Aleksander P. Czarnowski
Indexes:	[Date] [Thread] [Top] [All Lists]