SEARCH RESULTS
 
Showing 1-10 of 30 records
 
Expand article

Fuzz Testing at Microsoft and the Triage Process

2007-09-20 18:52:00 by sdl in The Security Development Lifecycle
 
...exceptions get logged [stage 4], which tests you re-run [stage 6] and even which parsers you might decide to go after next [stage 1], etc). Below is a brief listing of each stage and its associated tasks Stage 1: Prerequisites Identifying the targets (program interfaces to fuzz Prioritizing your efforts (test planning Setting Bug Bar Stage 2:...
 
Tags: chance exceptions, exceptions, exception handler, exception, divide-by-zero exception, exception code, triage process, process, first-chance exceptions
 
 
 
 
Expand article

PrincipalPermissionAttribute and Static ctor Leads to DoS

2007-12-03 09:03:00 by Keith Brown in Security Briefs
 
...exception that you can run into if the first request to the class is denied by the attribute Be careful about using this attribute at the class level. If the class to which you apply it happens to have a static constructor (or, even worse, if it may get one in the future), realize that this attribute applies to the static constructor as well!...
 
Tags: class sensitive, sensitive, class, class level, static constructor, inside static constructor, class program, static constructor leads, static void
 
 
 
 
Expand article

My New Favorite Tool Case Complete by Serlio Software

2006-10-17 04:54:00 by Eric Marvets in The Security Samurai
 
...exception steps. If you attach an exception to step 2, then move step 2 to 3, it will update the exception to step 3 as well. Even typing Continue at Step 4 in an exception will cause it to change if step 4 were ever renumbered Link to other Use Cases or Requirements. All you have to do is highlight some text or just right click on an empty...
 
Tags: word, word report, microsoft word, exception steps, move step, step, exception, word deals, serlio software
 
 
 
 
Expand article

Setting file ACLs with PowerShell part 4

2007-11-29 09:34:00 by Keith Brown in Security Briefs
 
...exception This syntax allows you to create type-constrained variables. Now when I assign an object to $b, PowerShell will first try to cast that object to System.Int32 (you could also have used "int", by the way). The last line of code above will throw an invalid cast exception. This is a very useful feature, allowing you to get some helpful...
 
Tags: values, invalid enumeration values, enumeration, enumeration values, new-object security, object, powershell, invalid cast exception, cast
 
 
 
 
Expand article

Auditing open source software

2007-10-08 16:13:00 by Panayiotis Mavrommatis in Google Online Security Blog
 
...exception in Google's Security Team. Let's look at some interesting open source vulnerabilities that were located and fixed by members of Google's Security team. It is interesting to classify and aggregate the code flaws leading to the vulnerabilities, to see if any particular type of flaw is more prevalent JDK . In May 2007, I released...
 
Tags: image, malicious image file, libtiff image, values, jpeg image, tiff header values, source, evil tiff file, evil
 
 
 
 
Expand article

Microsoft Hits Back at Atsiv

2007-08-02 22:17:32 by Editor in Cheap Hack
 
...exception or something similarly dramatic if the cert for a running driver is determined to be revoked
 
Tags: atsiv, microsoft, detect atsiv, detect, revocation list, revocation, verisign cost, driver loadboot time, verisign
 
 
 
 
Expand article

Recent Symantec and IBM vulnerabilities, giblets, banned APIs and the SDL

2008-01-04 23:37:00 by sdl in The Security Development Lifecycle
 
...exception handler defenses (such as the Microsoft Link /SAFESEH flag) - both of which are SDL requirements. I also assume that the code is not linked with No-Execute (/NXCOMPAT), which is also an SDL requirement. Summary Bugs are interesting, you can learn a lot from your own bugs, but also from the bugs in other products. From an SDL...
 
Tags: linker sdl requirements, sdl requirements, ibm, sdl, requirements, symantec, bugs affect ibm, bugs, sdl refers
 
 
 
 
Expand article

Security is not all about Security Updates

2007-12-17 12:58:00 by sdl in The Security Development Lifecycle
 
...exception of Windows XP SP2, (which was a security-focused release, but predates the SDL), service packs at Microsoft include fixes and perhaps some opportunistic feature enhancements requested by customers. Such releases cannot get the full benefit of the SDL, because security is not just about bug fixes, it is a holistic property that goes...
 
Tags: security, end-user security documentation, security response, fix security bugs, response, security fix, implementation vulnerabilities, vulnerabilities, security feature development
 
 
 
 
Expand article

Cisco Eying Into Indian Hospitals

2007-11-19 06:38:00 by MCSE Boot Camp Courses Delhi India in MCSE Training Courses, MCSE Certification Courses, MCSE Courses Delhi India
 
...exception. Indian hospital industry is undergoing a major expansion spree these days and networking has emerged as an important element to make the move a big success With the aim of providing customized solutions Cisco is all set to start its new operations. Indian hospital industries are expanding their operations with the introduction of...
 
Tags: cisco, ace cisco systems, solutions cisco, systems, indian hospital chains, specialty, super-specialty segment, patients, medical grade networks