Vulnerability Development mailing list archives
Secure Coding Refs (was Re: BitchX /ignore bug)
From: prole () SUBTERRAIN NET (prole)
Date: Fri, 7 Jul 2000 11:41:22 -0700
Some of these are a little dated but still useful:

Secure Programming Checklist: ftp://ftp.auscert.org.au/pub/auscert/papers/secure_programming_checklist
Secure Unix Programming FAQ: http://www.whitefang.com/sup/
Security Code Review Guidelines: http://www.homeport.org/~adam/review.html
Robust Programming: http://olympus.cs.ucdavis.edu/~bishop/classes/ecs153-1998-winter/robust.html
The Unix Secure Programming FAQ: http://www.sunworld.com/sunworldonline/swol-08-1998/swol-08-security.html
How To Write a Setuid Program: http://olympus.cs.ucdavis.edu/~bishop/scriv/Bish86.pdf
UNIX Security: Security in Programming: http://olympus.cs.ucdavis.edu/~bishop/scriv/1996-sans-tut.pdf
"How to find security holes": http://www.dnaco.net/~kragen/security-holes.html

From the FreeBSD pages:
http://www.freebsd.org/security/security.html (scroll down midway)

In general, I recommend most any of Stevens' books (such as APUE - Advanced Programming in the Unix Environment) for examples of robust code, although it's not necessarily a checklist or security-specific.

_p