Secure Coding mailing list archives
Microsoft Pushes Secure, Quality Code
From: jms at bughunter.ca (J.M. Seitz)
Date: Mon, 08 Oct 2007 12:40:11 -0700
Hey Steve,
Are there any tools out there that try to measure attack surface? Has anybody had any experience in trying to apply it?
SecurityInnovation's HoloDeck has an attack surface module, but unfortunately it is just a fancy wrapper for a Win32 strace() :)

I am currently working on a research paper for my GCIH Gold that is about measuring code-coverage of an attack surface. For example, being able to intelligently measure whether that magic packet you sent into a process _really_ covered 100 basic blocks, or were 20 of them a threading routine completely outside of the main surface (packet parsing) area.

It is a tough thing to just measure, however some researchers at Carnegie Mellon have done some interesting work:

http://www.cs.cmu.edu/~pratyus/qop.pdf

And their main page is here:

http://www.cs.cmu.edu/~pratyus/as.html

Anyways, I would be interested to hear some of the gurus respond back on this topic, as it's a very relevant metric for QA and infosec professionals.

JS
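The measurement the message describes, separating basic blocks hit inside the packet-parsing surface from blocks hit in unrelated routines, can be sketched as follows. This is an added example, not code from the post or from the CMU work it links; the function names, addresses, fixed block spacing and the trace are all constructed for illustration.

```python
from bisect import bisect_right
from collections import Counter

BLOCK = 0x40  # assumed block spacing, used only to synthesise the sample data

# Constructed function map: (start, end, name, on_attack_surface).
# Names and addresses are hypothetical; in practice they come from a disassembler.
FUNCS = [
    (0x401000, 0x401200, "recv_loop", True),
    (0x401200, 0x401600, "parse_packet", True),
    (0x401600, 0x401800, "parse_header", True),
    (0x402000, 0x402400, "thread_pool_worker", False),
    (0x402400, 0x402500, "log_flush", False),
]
STARTS = [f[0] for f in FUNCS]

def lookup(addr):
    """Return the function record containing addr, or None if unmapped."""
    i = bisect_right(STARTS, addr) - 1
    if i >= 0 and FUNCS[i][0] <= addr < FUNCS[i][1]:
        return FUNCS[i]
    return None

def surface_coverage(trace):
    """Split the unique blocks hit by one input into on/off-surface counts."""
    hit = set(trace)  # a block executed many times still counts once
    kinds, per_func = Counter(), Counter()
    for addr in hit:
        func = lookup(addr)
        if func is None:
            kinds["unmapped"] += 1  # e.g. a block in another module
            continue
        per_func[func[2]] += 1
        kinds["on_surface" if func[3] else "off_surface"] += 1
    total = sum((e - s) // BLOCK for s, e, _, surf in FUNCS if surf)
    return {"raw": len(hit), "on_surface": kinds["on_surface"],
            "off_surface": kinds["off_surface"], "unmapped": kinds["unmapped"],
            "coverage": kinds["on_surface"] / total, "per_function": dict(per_func)}

def sample_trace():
    """Constructed trace of basic-block start addresses for one test packet."""
    t = [0x401000 + i * BLOCK for i in range(4)]    # recv_loop
    t += [0x401200 + i * BLOCK for i in range(10)]  # parse_packet
    t += [0x401600 + i * BLOCK for i in range(6)]   # parse_header
    t += [0x402000 + i * BLOCK for i in range(5)]   # thread_pool_worker
    t += [0x500000]                                 # outside the mapped functions
    return t + t[:8]                                # loop iterations repeat blocks
```

On the constructed trace the raw count is 26 unique blocks, but only 20 of them fall on the surface, which is 62.5% of the 32 blocks in the surface functions.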