Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security SecProg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Betr.: Re: What do you take for secure programming?

from [Philip Wagenaar] Network Security [Permanent Link]
Subject: Betr.: Re: What do you take for secure programming?
Date: Fri, 28 Jan 2005 15:21:30 +0100 
Secureprogramming should also be part of the framework (.net/java) you are 
programming in and it should do a lot of securecoding for the programmer.

We are moving towards a new wave of programmers that rely on frameworks to do 
the 'code' part and only focus on business-,data- and presentation logic. How 
can these programmers program secure? 

Met vriendelijke groet,

(Philip) Wagenaar
Assistent ICT Projecten & Advies

AccoN Accountants & Adviseurs
ICT Projecten & Advies
Postbus 5090
6802 EB Arnhem
The Netherlands

tel. +31 (0)26-3842384
fax. +31 (0)26-3630222
mobile: +31 (0)6-25388935
MSN/E-mail: p.wagenaar@accon.nl
http://www.accon.nl



Chris <chris@cr-secure.net> 27-01-05 10:54 >>>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This will probably start an arguement but 'secure programming' can be
interpreted a lot of ways. To me it means using functions that arent
known for their security risks. Or using a secure library that has all
'secure' functions. I can go on and on, but at its most basic meaning
I think secure programming is typically reviewing what youve wrote to
make sure their are no obvious vulnerabilities.

Coding and programming mean the same thing to me, one just sounds
cooler ;)

Chris @
cr-secure.net
ehdr.net

Gustavo Rios wrote:

| Hey folks,
|
| i am very new to this mailing list, this is just my first message.
| I wonder what you take for "secure programming" ?
|
| Are you folks aware about the difference between coding and
| programming ? I am sure you plenty of guys/girls here are, but it
| is worthy to refresh it, isn't it ? Don't take me wrong, please,
| but i do ask that cause i have heard about many "secure
| programming" techniques that are simply put misguided. And the most
| amazing is that there are plenty of folks around "buying" many
| wrong concepts. I hope this mailing list may clarify the ones i
| bought myself too (we all do, in different amounts, of course).
|
| Thanks for your feedback.
|
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFB+Lo8Xpi1p4x0qXsRAq7pAJ4hgWeEEQO//q/UNqUqrXwgbc+KwwCfQTJE
vRXGG3JnSdc/DFH8OXfMauM=
=rDqF
-----END PGP SIGNATURE-----


##################################################################

Dit e-mailbericht is uitsluitend bestemd voor de geadresseerde.
De informatie hierin is vertrouwelijk, zodat het derden niet is
toegestaan om daarvan kennis te nemen of dit te verstrekken aan
andere derden. Indien u dit e-mail bericht ontvangt terwijl het
niet voor u bestemd is, verzoeken wij u contact op te nemen met
de afzender en de informatie te verwijderen van iedere computer.
Bij voorbaat dank. 

==================================================================

The information transmitted in this e-mail is intended only for
the person or entity to which it is addressed and contains
confidential information. Any review, retransmission or other
use by persons or entities other than the intended recipient is
prohibited. If you received this in error, please contact the
sender and delete the material from any computer. Thank you. 

##################################################################

#####################################################################################
This e-mail message has been scanned for Viruses and Content and cleared 
by MailMarshal
#####################################################################################
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • Betr.: Re: What do you take for secure programming?, Philip Wagenaar <=
Previous by Date:  Re: What do you take for secure programming?, mac4-security
Next by Date:  RE: secure storage of sensitive data in J2EE, Erez Metula
Previous by Thread:  What do you take for secure programming?, Gustavo Rios
Next by Thread:  WASC-Articles: "The 80/20 Rule for Web Application Security", robert
Indexes:  [Date] [Thread] [Top] [All Lists]