Secure Coding mailing list archives
Re: Strategies for teaching secure coding practices
From: Brian Chess <brian () fortifysoftware com>
Date: Sun, 14 Dec 2003 23:13:52 +0000
David Crocker wrote:
An alternative way is to *prove* that all inputs are within bounds ... This approach is more or less impossible to apply if you are coding in C or C++. It may be feasible if you are using Java (using tools such as ESC/Java) ...
Funny you should mention that. My dissertation focused on showing that you can apply Extended Static Checking to the problem of finding some common types of security vulnerabilities in real C programs. (Common types of security vulnerabilities being things like buffer overflow, race conditions, and format string vulnerabilities.) More info if you're interested: http://sctest.cse.ucsc.edu/chess/EauClaire Brian
Current thread:
- Re: Strategies for teaching secure coding practices, (continued)
- Re: Strategies for teaching secure coding practices Jose Nazario (Dec 12)
- Re: Strategies for teaching secure coding practices Keith Watson (Dec 12)
- Re: Strategies for teaching secure coding practices Steve Litt (Dec 12)
- Re: Strategies for teaching secure coding practices Andrew Gray (Dec 12)
- Re: Strategies for teaching secure coding practices David Evans (Dec 12)
- Re: Strategies for teaching secure coding practices Dana Epp (Dec 12)
- Re: Strategies for teaching secure coding practices Crispin Cowan (Dec 12)
- RE: Strategies for teaching secure coding practices David Crocker (Dec 13)
- Re: Strategies for teaching secure coding practices Crispin Cowan (Dec 13)
- RE: Strategies for teaching secure coding practices David Crocker (Dec 14)
- Re: Strategies for teaching secure coding practices Brian Chess (Dec 14)
- Re: Strategies for teaching secure coding practices Crispin Cowan (Dec 14)
- RE: Strategies for teaching secure coding practices David Crocker (Dec 13)
- Re: Strategies for teaching secure coding practices Jeff Williams @ Aspect (Dec 13)