Hi All,
Is anyone aware of an open source library for sanitizing SQL queries
from untrusted sources?
Jeff
___
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List
Hi All,
I have been following the allegations of the ipsec stack compromise on
a few mailing lists (full disclosure and fun sec). Outside of the
initial email's claims, I have not seen anything substantive. There
has been some entertaining trolling
(http://www.collegehumor.com/video:1926079).
Is
Hi Steve,
On Wed, Aug 31, 2011 at 4:45 PM, Steven M. Christey
co...@linus.mitre.org wrote:
While I'd like to see Black Hat add some more defensive-minded tracks, I
just realized that this desire might be a symptom of a larger problem: there
aren't really any large-scale conferences dedicated to
On Fri, Mar 16, 2012 at 12:50 PM, Paolo Perego thesp0...@gmail.com wrote:
Hi list, just 2 lines for promoting my new blog on application security:
http://armoredcode.com
The idea is to talk about appsec using the developers' language so talking
about testing frameworks and practices, libraries
Hi Dr. McGraw,
Cyber Intelligence Sharing and Protection Act (CISPA) (passed by
the House in April) has very little to say about building security in.
I'm convinced (in the US) that users/consumers need a comprehensive
set of software liability laws. Consider the number of mobile devices
that
On Wed, Feb 20, 2013 at 9:34 AM, Gary McGraw g...@cigital.com wrote:
hi sc-l,
No doubt all of you have seen the NY Times article about the Mandiant report
that pervades the news this week. I believe it is important to understand
the difference between cyber espionage and cyber war.
Hi Jim,
Do you know if there is a slide deck available with the talk? It
sounds like there is, but Dr. Bernstein's Talk page
(http://cr.yp.to/talks.html) does not list an OWASP talk.
Jeff
On Wed, Jun 26, 2013 at 12:08 AM, Jim Manico jim.man...@owasp.org wrote:
I'm very pleased to announce that
On Fri, Sep 20, 2013 at 7:47 PM, Bobby G. Miller b.g.mil...@gmail.com wrote:
I was just listening to a podcast interviewing a security executive from a
prominent vendor. The response to vulnerabilities was to raise the
cost/complexity of exploiting bugs rather than actually employing secure
on building tools that make it hard/difficult to do things incorrectly
in the first place. I kind of think it's a mixture of both.
- Reply message -
From: Jeffrey Walton noloa...@gmail.com
To: Bobby G. Miller b.g.mil...@gmail.com
Cc: Secure Coding List sc-l@securecoding.org
Subject: [SC-L
On Wed, Sep 16, 2015 at 2:58 PM, Gary McGraw wrote:
> hi sc-l,
>
> I just posted some thoughts on the FTC and software security.
>
> Have a look: http://bit.ly/gem-FTC
+1, well written.
I've kinda ignored the FTC over the years, and focused on the state
laws covering data