Secure Coding mailing list archives
informIT: attack categories
From: gem at cigital.com (Gary McGraw)
Date: Tue, 25 Aug 2009 13:35:16 -0400
hi sc-l,

If you listened recently to the latest episode of Silver Bullet with Fred Schneider from Cornell <http://www.cigital.com/silverbullet/show-041/>, one of the ideas Fred and I discussed was the notion of attack categories and anticipating large scale trends in attack space. Hopefully you guys all recall that I am a strong proponent of understanding the attacker's perspective (see, for example, Exploiting Software from way back in 2004 where Hoglund and I coined the term "attack pattern" <http://exploitingsoftware.com/>).

This month's informIT article is about the notion of long term attack categories and is meant to inform software security research:

Software [In]security: Attack Categories and History Prediction
http://www.informit.com/articles/article.aspx?p=1393066

BTW, shout outs for the OWASP top 10 and CWE in the article may surprise the usual naysayers.

Feedback is most welcome. (Thanks to Ken and Sammy for helping me make this article slightly more coherent.)

gem

company www.cigital.com
podcast www.cigital.com/silverbullet
podcast www.cigital.com/justiceleague
book www.swsec.com