SEARCH RESULTS
 
Showing 1-10 of 64 records
 
Software Security Metrics and Commentary - Part 2

2007-10-23 20:31:00 by Security Retentive in Security Retentive
 
...OutputValidation , this is really the key to prevention here. Most static analysis tools can detect tainted input and have a set of untrusted input functions (things that read from sockets, stdin, etc). It should be relatively straightforward to model our own application-specific output functions to detect where we're handing...
 
How Secure is Secure?

2008-05-08 16:46:00 by sdl in The Security Development Lifecycle
 
...output of other tools that inspect code and/or binaries for potential implementation vulnerabilities is a key element in how we approach the challenge of trying to measure compliance with SDL requirements from product groups at Microsoft today. While not every technique required by SDL has a corresponding tool, we try to provide both tools...
 
Secure Your Linux Host - Part 1: Foundations

2009-01-06 03:59:26 by Erik Heidt in Art of Information Security
 
...output. The Cron facility will automatically forward that output to the root user. The -y option tells apt-get to assume a Yes answer for any of the questions. The su login command provides context to the command so that it can operate properly (and this results in the "stdin: is not a tty" notice below). This results in an email from Cron that...
 
Automating web application security testing

2007-07-16 11:40:00 by Panayiotis Mavrommatis in Google Online Security Blog
 
...output by a web application. If untrusted data is output within an HTML document, the appropriate sanitization depends on the specific context in which the data is inserted into the HTML document. The context could be in the regular HTML body, tag attributes, URL attributes, URL query string attributes, style attributes, inside JavaScript,...
 
PrincipalPermissionAttribute and Static ctor Leads to DoS

2007-12-03 09:03:00 by Keith Brown in Security Briefs
 
...output of the above program, exactly as written. Notice that the call order is such that the privileged user accesses the protected class first, so things work as you'd expect Inside static constructor Alice OK Bob failed due to a SecurityException Here's the output when I switch the order and have the normal user try to use the class first....
 
An Overture to the 2007 CEP Blog Awards

2008-01-09 11:09:46 by Tim Bass in The Complex Event Processing Blog
 
...output of a stream processing module might be the input to a neural network (NN) or Bayesian Belief (BN) module. In another example pipeline operation, the output of a Bayesian classifier could be the input to a process or rule-based event processing module within the same run-time environment. For all three categories for 2007, there should be a...
 
Storm worm, other botnets, kept spam levels high in 2007

2008-01-09 00:00:00 by Brad Reed in Network World on Security
 
Botnets helped keep spam output at consistently high levels last year, and the global spam output reached rates as high as 96% of all e-mail traffic 2007, according to a report from security firm Commtouch
 
"Crawling" Toward SDL

2008-03-06 22:13:00 by sdl in The Security Development Lifecycle
 
...output Secure your SQL script by only using prepared SQL statements - no string concatenation or string replacement Run these tools habitually PREfast (in Visual Studio 2005, use the /analyze compiler option) a static analysis tool that identifies defects in C/C++ programs and enables you to perform quick desktop error detection on small code...
 
Logs: Parsing, Tokenizing or Extracting?

2008-03-11 01:54:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -
 
...Output is low quality information; rather, a flow of raw data (needs more analysis Mixed - some new information emerges, but not in all cases (and you can't predict when In general, no cross-device analysis is enabled ('user' is not the same as 'usr' in other log High-quality output : tables, graphics, summaries and easy correlation across...
 
A Portfolio of Fake Video Codecs
