Dailydave mailing list archives
@stake SafeApps
From: Halvar Flake <halvar () gmx de>
Date: Sat, 22 Nov 2003 20:13:44 +0100
Hey all,

is there anyone on this list that has more than just the marketing goop on @stake SafeApps? What I have so far is from MS's slides (wow, who would've guessed the special relationship between MS and @s ;)
From MS/@s advertisement:
Secure Code Assurance (SCA) engine
  Replaces a manual security code review.
  @stake expert code reviewer in a box.
  Detects the programming errors that lead to security vulnerabilities.
  Assists in remediating the errors.
  Detects programming errors that lead to viruses and worms
  Prioritizes risk of each error from severe error to warning.
  Optimizes programmers' time.
  Guides the programmer to fix the source of error.
  Most programmers don't know how to fix security errors.
Target user
  Developer, QA Engineer, Security Engineer
Development teams that use SafeApps can drastically reduce the number of vulnerabilities in their software.

----

@stake's world class application experience in a box
  Expert code reviewers on our development team
Extensible scripted architecture
  Can update with new script packages that detect newly found classes of problems
  Can build script packs tailored to particular customer environments
Detects vulnerabilities as early as possible for maximum security ROI.
Analysis performed on program binaries instead of the source code
  Deepest security analysis possible
  Uses the context of the entire program
  Evaluates interaction with OS and other binary components
Risk Analysis Reporting
  Summarizes overall program risk. Can be rolled up for an entire enterprise
  Prioritizes errors by risk. Programmers can fix highest risk problems first.

-----

SafeApps modeling engine builds control flow and data flow graphs of the program.
Range of data is propagated.
Scripts analyze the graphs for coding flaws
Language and standard library issues
  Buffer overruns (off by ones, size mismatches), format string vulnerabilities, integer overflows (type conversions), race conditions, error return checking
Platform API
  Privilege escalation, cryptography usage, database usage, network usage
High level issues
  Backdoors, denial of service, HTTP, input validation

Anything else besides "builds control flow and data flow graphs"? :-)

Anyone from @s on this list who wants to tell us about the real deal?

Cheers,
Halvar

--
With kind regards
Halvar Flake
mailto:halvar () gmx de

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave