Dailydave mailing list archives

@stake SafeApps


From: Halvar Flake <halvar () gmx de>
Date: Sat, 22 Nov 2003 20:13:44 +0100

Hey all,

is there anyone on this list that has more than just the marketing
goop on @stake SafeApps ? What I have so far is from MS's slides (wow,
who would've guessed the special relationship between MS and @s ;)

From MS/@s advertisement:
Secure Code Assurance (SCA) engine
Replaces a manual security code review. @stake expert code reviewer in a box.
Detects the programming errors that lead to security vulnerabilities. Assists in remediating the errors.
Detects programming errors that lead to viruses and worms
Prioritizes risk of each error from severe error to warning. Optimizes programmer’s time.
Guides the programmer to fix the source of error. Most programmers don’t know how to fix security errors.
Target user 
Developer, QA Engineer, Security Engineer
Development teams that use SafeApps can drastically reduce the number of vulnerabilities in their software.
----
@stake’s world class application experience in a box
Expert code reviewers on our development team
Extensible scripted architecture 
Can update with new script packages that detect newly found classes of problems
Can build script packs tailored to particular customer environments
Detects vulnerabilities as early as possible for maximum security ROI.
Analysis performed on program binaries instead of the source code
Deepest security analysis possible
Uses the context of the entire program
Evaluates interaction with OS and other binary components
Risk Analysis Reporting
Summarizes overall program risk.  Can be rolled up for an entire enterprise
Prioritizes errors by risk. Programmers can fix highest risk problems first.
-----
SafeApps modeling engine builds control flow and data flow graphs of the program. Range of data is propagated.
Scripts analyze the graphs for coding flaws
Language and standard library issues
Buffer overruns (off by ones, size mismatches), format string vulnerabilities, integer overflows (type conversions), 
race conditions, error return checking
Platform API
Privilege escalation, cryptography usage, database usage, network usage
High level issues
Backdoors, denial of service, HTTP, input validation

Anything else besides "builds control flow and data flow graphs" ?
:-)
Anyone from @s on this list who wants to tell us about the real deal ?

Cheers,
Halvar
-- 
Kind regards
Halvar Flake                            mailto:halvar () gmx de
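To make the one technical claim in those slides concrete ("builds control flow and data flow graphs ... range of data is propagated ... scripts analyze the graphs for coding flaws"), here is a toy range-propagation pass over a constructed IR. It is an added illustration written for this archive page, not @stake's code and not from the post; the IR format, the `phi` merge and the severe/warning split are assumptions standing in for whatever SafeApps actually did.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Range:
    lo: int  # closed integer interval [lo, hi] tracked per variable
    hi: int
    def add(self, k):
        return Range(self.lo + k, self.hi + k)
    def join(self, other):  # control-flow merge: hull of both incoming ranges
        return Range(min(self.lo, other.lo), max(self.hi, other.hi))

# Constructed toy IR (not a real binary lifter); one tuple per instruction:
#   ("buf", name, size)   ("const", dst, v)   ("add", dst, src, k)
#   ("loop", var, lo, hi) var takes every value lo..hi inclusive
#   ("phi", dst, a, b)    dst is a or b, depending on which branch ran
#   ("store", buf, idx)   buf[idx] = ...
SAMPLE_IR = [
    ("buf", "dst", 16),
    ("loop", "i", 0, 16),    # for (i = 0; i <= 16; i++): off by one
    ("store", "dst", "i"),
    ("const", "n", 10),
    ("add", "j", "n", 2),    # j = 12, always in bounds
    ("store", "dst", "j"),
    ("const", "a", 16),
    ("const", "b", 40),
    ("phi", "x", "a", "b"),  # x is 16 or 40 after the branches rejoin
    ("store", "dst", "x"),   # every possible x is out of bounds
]

def propagate(ir):
    """Forward range propagation; returns (buf, idx, (lo, hi), size, severity)."""
    env, bufs, findings = {}, {}, []
    for ins in ir:
        op = ins[0]
        if op == "buf":
            bufs[ins[1]] = ins[2]
        elif op == "const":
            env[ins[1]] = Range(ins[2], ins[2])
        elif op == "add":
            env[ins[1]] = env[ins[2]].add(ins[3])
        elif op == "loop":
            env[ins[1]] = Range(ins[2], ins[3])
        elif op == "phi":
            env[ins[1]] = env[ins[2]].join(env[ins[3]])
        elif op == "store":
            r, size = env[ins[2]], bufs[ins[1]]
            if r.hi >= size or r.lo < 0:
                # no in-bounds value left -> certain overrun, else only possible
                sev = "severe" if (r.lo >= size or r.hi < 0) else "warning"
                findings.append((ins[1], ins[2], (r.lo, r.hi), size, sev))
    return findings
```

On the sample IR the pass reports the `i` store as a warning (the loop bound makes index 16 reachable into a 16-element buffer) and the `x` store as severe (neither merged value is in bounds), while the `j` store is silent; a real engine does the same over a lifted binary, with widening for unbounded loops and far more instruction kinds.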

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave
