Firewall Wizards mailing list archives

Re: Re: Code Red: What security specialist don't mention in warnings (Frank Knobbe)


From: ant () notatla demon co uk (Antonomasia)
Date: Wed, 15 Aug 2001 00:22:06 +0100 (BST)

From: Adam Shostack <adam () homeport org>

ITS4, RATS, flawfinder, Lopht Slint, fuzz.

I have a couple of tools in Perl and pretty crude:

For file race conditions (after Bishop & Dilger)
    http://www.notatla.demon.co.uk/SOFTWARE/SCANNER/scanner-1.0b.tar.gz

For format bugs
    http://www.notatla.demon.co.uk/SOFTWARE/SCANNER/argcount.plx

The format tool is outclassed by Alan DeKok's
    http://www.striker.ottawa.on.ca/~aland/pscan/

 
The immunix suite is worth looking at, as is David Wagner's thesis (I
don't think the code is available, but hey, sometimes it's worth
reading the paper, not the code.)

Obviously Adam and I have been pointing our brain cells the same
way lately.

--
##############################################################
# Antonomasia   ant notatla.demon.co.uk                      #
# See http://www.notatla.demon.co.uk/                        #
##############################################################