Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security SecProg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

New article: "Secure programmer: Call Components Safely"

from [David A. Wheeler] Network Security [Permanent Link]
Subject: New article: "Secure programmer: Call Components Safely"
Date: Mon, 27 Dec 2004 14:54:43 -0500
The latest article in my "Secure Programmer" series is now available! This series is a developerWorks series on how to develop
secure programs for Linux/Unix.

Article #7 is Secure programmer: Call Components Safely.
The posted date is 16 December 2004, but it's only been
available since around 23 December 2004.
You can view it via:
 http://www-106.ibm.com/developerworks/linux/library/l-calls.html

Here's the abstract:
Application programs typically make calls to other components, such as the underlying operating system, database systems, reusable libraries, Internet services (like DNS), Web services, and so on. This article explains how to prevent attackers from exploiting those calls to other components by discussing the use of only secure components, passing only valid data, making sure the data will be correctly interpreted, checking return values and exceptions, and protecting data as it flows between applications and components.

Most of the people on this list will already know this
kind of info. But if you know developers who need this info,
here's an easy place to direct them.

(I'm posting this to both sc-l@securecoding.org and
secprog@securityfocus.com since I think it's relevant to
both groups).

--- David A. Wheeler


[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • New article: "Secure programmer: Call Components Safely", David A. Wheeler <=
Previous by Date:  MD5 for powerpc, gurus
Previous by Thread:  MD5 for powerpc, gurus
Indexes:  [Date] [Thread] [Top] [All Lists]