Secure Coding mailing list archives
SC-L Digest, Vol 6, Issue 56
From: platsakos at gmail.com (AK)
Date: Fri, 19 Mar 2010 19:56:25 +0200
It is way easier for attackers to reverse engineer desktop applications than web applications. Assuming proper server configuration, it is next to impossible for an attacker to get the server side source code or compressed form (e.g. WARs) for a web application and proceed with disassembly/decompilation/patching.

I do not have any experience with obfuscating or otherwise armoring executables created from scripting languages (such as win32's py2exe) but I would venture a guess that it would be tedious and less effective than armoring a C/C++ based executable.

To turn the argument the other way round, if we accept what you say as correct within the realm of web applications, the Ruby-On-Rails and Django guys (to name but two) are in a serious folly and are not able to provide secure frameworks owing to their choice of scripting languages. I, for one, do not think that this is the case :-)

sc-l-request at securecoding.org wrote:
Message: 6
Date: Thu, 18 Mar 2010 15:11:29 -0400
From: ljknews <ljknews at mac.com>
To: sc-l at securecoding.org
Subject: Re: [SC-L] market for training CISSPs how to code (Matt, Parsons)
Message-ID: <p05200f40c7c82b12ba95@[146.115.107.213]>
Content-Type: text/plain; charset=us-ascii

At 7:36 PM +0200 3/18/10, AK wrote:
Who says so, in the context of web applications? I can see it (somewhat) from a "desktop" application perspective, but how is this relevant in web apps?
Why should standards for a "web" application be different than for a "desktop" application?
--
Larry Kilgallen