WebApp Sec mailing list archives
RES: Fail Open Authentication and Parameter Injection
From: "Mads Rasmussen" <mads () opencs com br>
Date: Tue, 25 Mar 2003 16:00:20 -0300
-----Original Message-----
From: Jeff Williams @ Aspect [mailto:jeff.williams () aspectsecurity com]
Sent: Tuesday, 25 March 2003 15:34
To: Dawes, Rogan (ZA - Johannesburg); 'Indian Tiger'; webappsec () securityfocus com
Subject: Re: Fail Open Authentication and Parameter Injection
<snip>
You just can't beat actually looking at the code. You'll need to work out a process for reviewing the code and a standard to review against. You also need to make sure you've found ALL the code. But a code review will give you some real assurance that you've covered everything... in a way that penetration testing never can.
Sure enough, but you often have to prioritize, opening the possibility of missing something. Something that should get high priority would be 1) authentication, 2) content-modifying code, etc.

Mads
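As an added illustration of why authentication code sits at the top of a review priority list (example code, not from this thread or its participants): a fail-open login check next to its fail-closed rewrite. The user store, the salted hashing and the `backend_up` flag that simulates an outage are constructed for this example.

```python
"""
Fail-open versus fail-closed authentication, as a reviewer would see it.
Everything here is constructed for illustration: the user store, the
hashing scheme and the simulated backend outage.
"""
import hashlib
import hmac


def _hash(salt: bytes, password: str) -> bytes:
    """Salted SHA-256 of the password (constructed scheme for the example)."""
    return hashlib.sha256(salt + password.encode()).digest()


# Constructed user database: username -> (salt, salted hash of password).
_SALT = b"constructed-salt"
USERS = {
    "alice": (_SALT, _hash(_SALT, "correct horse")),
}


class AuthBackendError(Exception):
    """Raised when the user store cannot be reached (simulated below)."""


def lookup_user(username: str, backend_up: bool = True):
    """Return the stored credential record, or raise if the store is down."""
    if not backend_up:
        raise AuthBackendError("user store unavailable")
    return USERS.get(username)


def fail_open_login(username: str, password: str, backend_up: bool = True) -> bool:
    """Deliberately defective: every path except an explicit mismatch returns True.

    A review focused on authentication code should flag that an unknown
    user or a backend outage is treated as a successful login.
    """
    try:
        record = lookup_user(username, backend_up)
        if record is not None:
            salt, stored = record
            if not hmac.compare_digest(_hash(salt, password), stored):
                return False
    except AuthBackendError:
        pass  # error swallowed; execution falls through to the grant below
    return True


def fail_closed_login(username: str, password: str, backend_up: bool = True) -> bool:
    """Hardened form: denial is the default; only a verified match grants access."""
    try:
        record = lookup_user(username, backend_up)
    except AuthBackendError:
        return False  # an outage denies access instead of granting it
    if record is None:
        return False  # unknown user is denied
    salt, stored = record
    return hmac.compare_digest(_hash(salt, password), stored)


if __name__ == "__main__":
    for fn in (fail_open_login, fail_closed_login):
        print(fn.__name__,
              "unknown user:", fn("nobody", "x"),
              "backend down:", fn("alice", "correct horse", backend_up=False))
```

The review heuristic the contrast shows: in authentication code, look for the value returned when nothing matched and when something threw. If that default is "allow", the function fails open regardless of how careful the comparison on the happy path is.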