Full Disclosure mailing list archives
Re: automated vulnerability testing
From: "Jonathan A. Zdziarski" <jonathan () nuclearelephant com>
Date: Sun, 30 Nov 2003 09:31:08 -0500
Everyone used to say Java was inherently secure, and look what happened to it... plagued with vulnerabilities. No language is secure unless you make it so restrictive that it isn't capable of doing anything useful. Good programming relies on the programmer (as most have said in this thread).

If you want to harden up your C programs, there are a few stack protectors and such out there you can compile/link with that will protect your code from typical stack smashing vulnerabilities and such. There are also OS hardening tools out there to perform similar protection.

That reminds me, it'd be nice if there was a C code scanner to check your code for potential vulnerabilities. Maybe a --taint flag in gcc or something. Anyone heard of one that does a good job? It obviously isn't a replacement for good programming but would be a nice help to point out things one might not otherwise see.

Jonathan