At 4:44 PM -0500 2/5/08, Steven M. Christey wrote:
> On Mon, 4 Feb 2008, ljknews wrote:
>
>> > ("%s" to fill up disk or memory, anybody?), so it's marked with
>> > "All" and it's not in the C-specific view, even though there's a heavy
>> > concentration of format strings in C/C++.
>>
>> It
A little something to make you smile... infosec fellow for MS Mark
Curphy posted an amusing cartoon to his blog on code review:
http://securitybuddha.com/2008/02/06/funny-code-review-cartoon/
cheers,
-ben
--
Benjamin Tomhave, MS, CISSP
[EMAIL PROTECTED]
LI: http://www.linkedin.com/in/btomhave
Steven,
A while back Hal Burch and I wrote an article on "Programming Language
Format String Vulnerabilities" which is available here:
http://www.ddj.com/security/197002914
In the article we looked at the potential consequences of format string
vulnerabilities in Perl, PHP, Java, Python, and Rub
On Mon, 4 Feb 2008, ljknews wrote:
> > ("%s" to fill up disk or memory, anybody?), so it's marked with
> > "All" and it's not in the C-specific view, even though there's a heavy
> > concentration of format strings in C/C++.
>
> It is marked as "All" ?
>
> What is the construct in Ada that
FYI, for those who are interested in fuzz testing tools, here's an
interesting article URL from Dark Reading.
http://www.darkreading.com/document.asp?doc_id=144773&f_src=darkreading_section_296
Cheers,
Ken
-
Kenneth R. van Wyk
SC-L Moderator
At 4:41 PM -0500 2/4/08, Steven M. Christey wrote:
> On Mon, 4 Feb 2008, Robert A. Martin wrote:
>
>> You still need to add to that issues that apply to all languages
>> versus these lists of language specific weaknesses and C and C++ have
>> significant overlap given their relationship.
>
> Ther
My final paper for my master's degree was on how some vulnerabilities
manifest themselves, or fail to manifest, in different programming
languages. I included C, C++, Java, Perl, and Standard ML. The title
of the paper is "Implications of Programming Language Selection On
the Construction of Sec
Gentlemen,
Thanks for the contributions to my question. They've been helpful!
Vincent
Vincent Verhagen wrote:
> Hi all,
>
> I was referred to this list by a fellow security consultant for this
> specific question. Please forgive me if this is the wrong forum :)
>
> We're in the process of crea