Secure Coding mailing list archives

RE: Vulnerability Auditing Checklist


From: "Barney, Rickie" <rbarney () LSIJAX COM>
Date: Tue, 04 May 2004 21:02:13 +0100

SEE http://auditnet.org/

-----Original Message-----
From: Steven M. Christey [mailto:[EMAIL PROTECTED]
Sent: Tuesday, May 04, 2004 1:50 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: Vulnerability Auditing Checklist


Maybe Steven has a newer version available?

Unfortunately, I haven't been able to do a major overhaul, or to
refine the categories.

Would be nice with some illustrations for each vulnerability listed.

Below is an updated version.  There are some more sub-categories, and
now most categories have some example vulnerabilities.  It still needs
a lot of work, but maybe it will be useful.

I haven't had a chance to read it closely, but McGraw and Hoglund's
new book "Exploiting Software" defines a number of specific attack
patterns.  There's also the OWASP WebApp Pen Test Checklist.  Both of
these are a good move forward in formalizing some aspects of auditing
and, by extension, vulnerability research.

- Steve




