Secure Programming
Inspecting Code for Security Sep 20 2004 07:55PM
caleb dods bell ca (5 replies)
RE: Inspecting Code for Security Sep 23 2004 03:42AM
Yvan Boily (yboily seccuris com) (1 replies)
RE: Inspecting Code for Security Sep 23 2004 04:38PM
Aleksander P. Czarnowski (alekc avet com pl) (1 replies)
RE: Inspecting Code for Security Sep 23 2004 06:13PM
Yvan Boily (yboily seccuris com)
RE: Inspecting Code for Security Sep 21 2004 06:57PM
Aleksander P. Czarnowski (alekc avet com pl) (1 replies)
Re: Inspecting Code for Security Sep 22 2004 03:09PM
Valdis Kletnieks vt edu (1 replies)
RE: Inspecting Code for Security Sep 22 2004 06:45PM
Aleksander P. Czarnowski (alekc avet com pl)
RE: Inspecting Code for Security Sep 21 2004 04:39PM
Yvan Boily (yboily seccuris com)
Re: Inspecting Code for Security Sep 21 2004 10:22AM
Juergen Brauckmann (jbrauckmann betrusted com)
caleb.dods (at) bell (dot) ca wrote:

> I have a background in programming and code inspection. However our
> inspections were not targeted at security, instead they looked for
> logic errors, over complex code, missing comments, etc.
>
> With security in mind, what other things should I be looking
> for in a code inspection?

Well, you'll want to read "Secure Programming for Linux and Unix HOWTO"
by David A. Wheeler, available at <http://www.dwheeler.com/secure-programs/>

Although it has "Linux" and "Unix" in its name, I find it very helpful
to get a feeling about potential problems that might strike you on other
platforms.

j.

Re: Inspecting Code for Security Sep 21 2004 01:24AM
George V. Neville-Neil (gnn neville-neil com)


 

Copyright 2010, SecurityFocus