[SC-L] Q: SQL Query Sanitizer Library?

2010-12-23 Thread Jeffrey Walton
Hi All, Is anyone aware of an open source library for sanitizing SQL queries from untrusted sources? Jeff ___ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List

[SC-L] IPSec Stack Compromise

2011-01-01 Thread Jeffrey Walton
Hi All, I have been following the allegations of the IPsec stack compromise on a few mailing lists (full disclosure and fun sec). Outside of the initial email's claims, I have not seen anything substantive. There has been some entertaining trolling (http://www.collegehumor.com/video:1926079). Is

Re: [SC-L] informIT: Building versus Breaking

2011-09-02 Thread Jeffrey Walton
Hi Steve, On Wed, Aug 31, 2011 at 4:45 PM, Steven M. Christey co...@linus.mitre.org wrote: While I'd like to see Black Hat add some more defensive-minded tracks, I just realized that this desire might be a symptom of a larger problem: there aren't really any large-scale conferences dedicated to

Re: [SC-L] A new blog on application security - armoredcode.com

2012-03-22 Thread Jeffrey Walton
On Fri, Mar 16, 2012 at 12:50 PM, Paolo Perego thesp0...@gmail.com wrote: Hi list, just 2 lines for promoting my new blog on application security: http://armoredcode.com The idea is to talk about appsec using the developers language so talking about testing frameworks and practices, libraries

Re: [SC-L] SearchSecurity: Cyber Security and the Law

2012-08-02 Thread Jeffrey Walton
Hi Dr. McGraw, The Cyber Intelligence Sharing and Protection Act (CISPA, passed by the House in April) has very little to say about building security in. I'm convinced (in the US) that users/consumers need a comprehensive set of software liability laws. Consider the number of mobile devices that

Re: [SC-L] Chinese Hacking, Mandiant and Cyber War

2013-02-20 Thread Jeffrey Walton
On Wed, Feb 20, 2013 at 9:34 AM, Gary McGraw g...@cigital.com wrote: hi sc-l, No doubt all of you have seen the NY Times article about the Mandiant report that pervades the news this week. I believe it is important to understand the difference between cyber espionage and cyber war.

Re: [SC-L] OWASP Podcast 95 is live!

2013-07-02 Thread Jeffrey Walton
Hi Jim, Do you know if there is a slide deck available with the talk? It sounds like there is, but Dr. Bernstein's Talk page (http://cr.yp.to/talks.html) does not list an OWASP talk. Jeff On Wed, Jun 26, 2013 at 12:08 AM, Jim Manico jim.man...@owasp.org wrote: I'm very pleased to announce that

Re: [SC-L] Sad state of affairs

2013-09-20 Thread Jeffrey Walton
On Fri, Sep 20, 2013 at 7:47 PM, Bobby G. Miller b.g.mil...@gmail.com wrote: I was just listening to a podcast interviewing a security executive from a prominent vendor. The response to vulnerabilities was to raise the cost/complexity of exploiting bugs rather than actually employing secure

Re: [SC-L] Sad state of affairs

2013-09-21 Thread Jeffrey Walton
on building tools that make it hard/difficult to do things incorrectly in the first place. I kind of think it's a mixture of both. - Reply message - From: Jeffrey Walton noloa...@gmail.com To: Bobby G. Miller b.g.mil...@gmail.com Cc: Secure Coding List sc-l@securecoding.org Subject: [SC-L

Re: [SC-L] The FTC and Software Security

2015-09-17 Thread Jeffrey Walton
On Wed, Sep 16, 2015 at 2:58 PM, Gary McGraw wrote: > hi sc-l, > > I just posted some thoughts on the FTC and software security. > > Have a look: http://bit.ly/gem-FTC +1, well written. I've kinda ignored the FTC over the years, and focused on the state laws covering data