Secure Coding mailing list archives
RE: Vulnerability Auditing Checklist
From: "Barney, Rickie" <rbarney () LSIJAX COM>
Date: Tue, 04 May 2004 21:02:13 +0100
SEE http://auditnet.org/

-----Original Message-----
From: Steven M. Christey [mailto:[EMAIL PROTECTED]
Sent: Tuesday, May 04, 2004 1:50 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: Vulnerability Auditing Checklist

Maybe Steven has a newer version available?
Unfortunately, I haven't been able to do a major overhaul, or to refine the categories.
Would be nice with some illustrations to each vulnerability listed.
Below is an updated version. There are some more sub-categories, and now most categories have some example vulnerabilities. It still needs a lot of work, but maybe it will be useful.

I haven't had a chance to read it closely, but McGraw and Hoglund's new book "Exploiting Software" defines a number of specific attack patterns. There's also the OWASP WebApp Pen Test Checklist. Both of these are a good move forward in formalizing some aspects of auditing and, by extension, vulnerability research.

- Steve

Current thread:
- Vulnerability Auditing Checklist Mads Rasmussen (May 03)
- <Possible follow-ups>
- Re: Vulnerability Auditing Checklist Steven M. Christey (May 04)
- Re: Vulnerability Auditing Checklist Alfonso Alba García (May 05)
- RE: Vulnerability Auditing Checklist Barney, Rickie (May 04)