CWE, CLASP, and some other information sources have a number of code
snippets that highlight various weaknesses. In CWE, this code is easily
extractable from the XML by grabbing the Demonstrative_Examples element,
and we've even conveniently labeled examples with the various languages.
You c
At 7:36 PM +0200 3/18/10, AK wrote:
> Who says so, in the context of web applications?
> I can see it (somewhat) from a "desktop" application
> perspective, but how is this relevant in web apps?
Why should standards for a "web" application be different than
for a "desktop" application?
--
Larry
At 1:01 PM -0400 3/18/10, Wheeler, David A wrote:
> Larry Kilgallen:
>> Scripting languages should not be used for security-sensitive programs.
>
> Perhaps, but they are and will be used that way anyway. We need plan B.
Ok, just so people understand it _is_ Plan B.
> If the alternative is "use
Hi all,
We are drifting a bit away from my question but here is a forked question:
Who says so, in the context of web applications? I can see it (somewhat) from a
"desktop" application perspective, but how is this relevant in web apps?
Cheers!
Date: Wed, 17 Mar 2010 20:17:05 -0500
From: ljknew
> At 7:27 PM +0200 3/17/10, AK wrote:
> > Regarding training non-developers to write secure code, what are the
> > circumstances that a non-developer would create code that would
> > *require* security?
As soon as a "non-developer" creates code, they are no longer a
"non-developer". By definiti
On Wed, Mar 17, 2010 at 6:17 PM, ljknews wrote:
> At 7:27 PM +0200 3/17/10, AK wrote:
>
>> Regarding training non-developers to write secure code, what are the
>> circumstances that a non-developer would create code that would
>> *require* security? I am assuming that system administrators know t
On Mar 18, 2010, at 02:17, ljknews wrote:
> Scripting languages should not be used for security-sensitive
> programs.
And your evidence for this statement is?
Stephan
___
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscr
At 7:27 PM +0200 3/17/10, AK wrote:
> Regarding training non-developers to write secure code, what are the
> circumstances that a non-developer would create code that would
> *require* security? I am assuming that system administrators know the
> basics of their trade and scripting language of ch