SEARCH RESULTS
 
Showing 1-10 of 104 records
 

Developer fixes 33-year-old Unix bug

2008-07-10 00:00:00 by HASH0x8b3379c in Network World on Security
 
An OpenBSD developer has discovered and fixed a bug in the software that has been traced back to an AT&T version of Unix from 1975
 
 
 
 
 

Anti-Debugging Series - Part III

2009-01-07 20:54:48 by Tyler Shields in Zero in a bit
 
...developer. Many of these functions have undergone extensive research and reverse engineering to be able to understand how they operate and what can be achieved using them. One such poorly documented API function is the NtQueryInformationProcess function which is used to retrieve information about a target process. The function prototype looks...
 
 
 
 
 

Sexy Development Lifecycle

2008-01-30 01:37:00 by sdl in The Security Development Lifecycle
 
...developer, and then continue on with the tester, the pentester, the netadmin, and everyone else in the product lifecycle. Instead of teaching pentesters how to find vulnerabilities, I'd rather be teaching developers how to write their code correctly in the first place so that the pentesters don't have any vulnerabilities to find. But, as a...
 
 
 
 
 

The Other Side of Life

2008-03-21 16:06:00 by sdl in The Security Development Lifecycle
 
...developer, but it should work. At which point the room erupted into hysterical laughter. "It should work" means "I think so, but we have to test it." And that means the whole battery of tests for each of the affected components, across all of the supported platforms. And that has to be scheduled in test labs. To be clear, this wasn't a lack of...
 
 
 
 
 

Is Microsoft's SDL Working?

2008-05-16 11:05:09 by Burton Group in Security and Risk Management Strategies Blog
 
...developer went through. So, how do we determine whether the SDL is working? Microsoft suggests that this is a simple exercise - simply compare the number of public vulnerabilities disclosed for products prior to SDL with similar products developed after SDL. The most recent case was comparing Windows XP SP2 to Vista vulnerabilities in the first...
 
 
 
 
 

Is Microsoft's SDL Working?

2008-05-16 11:05:09 by Burton Group in Security and Risk Management Strategies Blog
 
...developer went through. So, how do we determine whether the SDL is working? Microsoft suggests that this is a simple exercise - simply compare the number of public vulnerabilities disclosed for products prior to SDL with similar products developed after SDL. The most recent case was comparing Windows XP SP2 to Vista vulnerabilities in the...
 
 
 
 
 

Building secure application

2008-10-02 06:35:44 by RaviC in Musings on Information Security
Developers have the objective of building a functional application. They are focused on building more functionality into applications. Moreover, building security creates more workload for Developers which is a disincentive and moreover, Developers are rewarded for building more functionality than building more security. I have never seen a...
 
 
 
 
 

Links for 2008-11-20 [del.icio.us]

2008-11-21 00:00:00 by Editor in Anton Chuvakin Blog
 
...Developer: Just because you can do that doesn't mean we have a major problem like you say it is. It's just you that did it! SG dude: Well more than likely, others have. We didn't do anything fancy. Web Developer: Well nothing has ever happened so it's just you guys! SG dude: You have no logging. Web Developer: We've never been hacked On Data Loss...
 
 
 
 
 

Security Evolution

2008-05-19 17:42:16 by Gunnar Peterson in 1 Raindrop
...developers invented CGI/PERL for more dynamic sites. Once they wanted to scale and pool they built out ASP and JSP, then to deliver middle tier components they developed EJB, J2EE, and DCOM. After that there were a lot of heterogeneous systems that needed to talk to each other so SOAP and XML came along to address that. This path diverged...
 
 
 
 
 

The Business Case for WAFs + Testing

2008-06-19 18:09:06 by Bill in Grumpy Security Guy
 
...developer battle (yes XSS is not good) they were left with two not good options: Lose the customer; Stop the rewrite and spend a few months digging through old code to fix these issues. Now from a business point of view neither of those makes sense. At the time we were in the WAF hater camp but we saw that in this case it made total sense. The...