SecurityRatty: tag: int

Improve Security with "A Layer of Hurt"

2008-07-31 19:13:00 by sdl in The Security Development Lifecycle

...interesting comments from my TechEd 2008 presentation entitled, "How To Review Your Code And Test For Security Bugs," but the most comments and questions were reserved for fuzz testing; I was blown away by the number of people who thought fuzz testing was hard, or that you only left fuzz testing to leet hackers During the presentation I...

Tags: layer, code layer, code, decent code coverage, fuzz, void fuzz, ifdef fuzz, code examples, perform fuzz

Enabling hierarchical nant builds

2008-03-07 05:49:00 by Keith Brown in Security Briefs

...integration for the internal builds here at Pluralsight. I recently worked with Craig to restructure our nant build. As part of that, I wanted to ensure that I could run the build from anywhere in the source tree. We use a typical hierarchical build where each project has a build script that knows how to compile, test, deploy, etc. based on...

Tags: nant, root script defines, script, root, task, simple nant task, root nant project, return path, return

Enabling hierarchical nant builds

2008-03-07 12:49:00 by keith-brown in Security Briefs

...integration for the internal builds here at Pluralsight. I recently worked with Craig to restructure our nant build. As part of that, I wanted to ensure that I could run the build from anywhere in the source tree. We use a typical hierarchical build where each project has a build script that knows how to compile, test, deploy, etc. based on...

Tags: nant, root script defines, script, root, task, simple nant task, root nant project, return path, return

Enabling hierarchical nant builds

2008-03-07 12:49:00 by keith-brown in Security Briefs

...integration for the internal builds here at Pluralsight. I recently worked with Craig to restructure our nant build. As part of that, I wanted to ensure that I could run the build from anywhere in the source tree. We use a typical hierarchical build where each project has a build script that knows how to compile, test, deploy, etc. based on...

Tags: nant, root script defines, script, root, task, simple nant task, root nant project, return path, return

Better exception reporting in ASP.NET part 2

2008-08-04 14:11:14 by keith-brown in Security Briefs

...IntoTargetInvocationException(invocationException); subjectBuilder.AppendFormat( "{0}" , (innerException ?? invocationException).GetType().Name); if ( null != innerException) subjectBuilder.Append( " (via reflection)" ); } else subjectBuilder.Append(unhandledException.GetType().Name); } // if we've not got anything better // just show the...

Tags: return, return subjectbuilder, return formatter, exception, formatter, crazy formatter, static void, static void emitprocessinfo, return null

Auditing open source software

2007-10-08 16:13:00 by Panayiotis Mavrommatis in Google Online Security Blog

...interesting open source vulnerabilities that were located and fixed by members of Google's Security team. It is interesting to classify and aggregate the code flaws leading to the vulnerabilities, to see if any particular type of flaw is more prevalent JDK . In May 2007, I released details on an interesting bug in the ICC profile parser in...

Tags: image, malicious image file, libtiff image, values, jpeg image, tiff header values, source, evil tiff file, evil

Setting file ACLs with PowerShell part 4

2007-11-29 09:34:00 by Keith Brown in Security Briefs

...inted out how the "Modify" was automatically converted into an enumeration value, promising that I'd talk more about enumerations later. Well, this value comes from the System.Security.AccessControl.FileSystemRights enumeration. And there's a cool way you can abuse PowerShell to get a quick and dirty listing of an enumeration's values. But to...

Tags: values, invalid enumeration values, enumeration, enumeration values, new-object security, object, powershell, invalid cast exception, cast

Help bring this man to the executioner, hopefully.

2008-05-07 00:10:48 by Doug Woodall in The Spyware Biz Blog

...interpol.int INTERPOL requests public assistance to identify man pictured sexually abusing children LYON, France INTERPOL is asking for the publics help in identifying a man pictured sexually abusing children in a series of images found on the Internet and retrieved from the computer of a convicted paedophile

Tags: interpol, france interpol, internet, images, int, gallows, series, lyon, justice

Serializable XmlDocument

2008-08-19 02:58:00 by keith-brown in Security Briefs

...into a stream. I wanted to put an object into ASP.NET ViewState the other day, and quickly ran into this roadblock, because part of the object included an XmlDocument, which is not serializable. A quick search revealed that most people deal with this problem by storing a string instead. Indeed, that was where I started, but I quickly realized...

Tags: public class item, public, public void getobjectdata, public static byte, xmldocument, return doc, return, static byte, public class

Your name:
Your email:
Describe a problem:
AntiSPAM Validation:

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo