Re: [SC-L] informIT: Modern Malware

2011-03-26 Thread AK
Hi everyone, Assuming that "are we missing DEP and assorted userland exploit mitigations for the web" is not a rhetorical question; indeed, assorted technologies based on randomized instruction sets have been researched and I have seen PoC solutions circa 2004 (SQLi) and more recently for XSS. [1]

Re: [SC-L] SC-L Digest, Vol 6, Issue 56

2010-03-20 Thread AK
As soon as a non-developer creates code, they are no longer a non-developer. By definition, they are now a developer! Of course, they may completely lack any kind of knowledge about security. Just like most developers, I should add. I expect this problem to *increase* over time.

Re: [SC-L] market for training CISSPs how to code (Matt, Parsons)

2010-03-18 Thread AK
ljkn...@mac.com To: sc-l@securecoding.org Subject: Re: [SC-L] market for training CISSPs how to code (Matt Parsons) At 7:27 PM +0200 3/17/10, AK wrote: Regarding training non-developers

Re: [SC-L] market for training CISSPs how to code (Matt Parsons)

2010-03-17 Thread AK
Hi, Regarding training non-developers to write secure code, what are the circumstances that a non-developer would create code that would *require* security? I am assuming that system administrators know the basics of their trade and scripting language of choice so security there is taken care of