On Fri, 18 Feb 2005 16:49:03 -0500, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > On Fri, 18 Feb 2005 16:04:52 EST, bkfsec said: > > > Are you aware of any server software that has been so rigorously tested > > that it has no flaws at all? > > > > That would be one hell of a find... > > "Testing can reveal the presence of flaws, but not their absence" -- E. > Dijkstra
In my belief, this is not completely true. Let's say we are testing web application, as this thread already started from one. Let's say i'm testing application regarding to input sanitizing. Code analysis is one type of testing. When i do code analysis and look, how user input is handled, i have those results: - user input is correctly sanitized and there is no flaw - use input is not correctly sanitized and there is a flaw So above saying is not always completly true. But you can't use testing to find something you don't know at this exact moment - unknown flaws. all the best, W. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
