Hi everyone,
Assuming that "are we missing DEP and assorted userland exploit
mitigations for the web" is not a rhetorical question: indeed, assorted
technologies based on randomized instruction sets have been researched,
and I have seen PoC solutions circa 2004 (SQLi) and more recently for
XSS. [1]
As soon as a non-developer creates code, they are no longer a
non-developer. By definition, they are now a developer!
Of course, they may completely lack any kind of knowledge about security.
Just like most developers, I should add. I expect this problem to *increase*
over time.
ljkn...@mac.com
To: sc-l@securecoding.org
Subject: Re: [SC-L] market for training CISSPs how to code (Matt
Parsons)
At 7:27 PM +0200 3/17/10, AK wrote:
Hi,
Regarding training non-developers to write secure code, what are the
circumstances that a non-developer would create code that would
*require* security? I am assuming that system administrators know the
basics of their trade and scripting language of choice so security there
is taken care of