Secure Coding mailing list archives
Re: A new blog on application security - armoredcode.com
From: Jeffrey Walton <noloader () gmail com>
Date: Wed, 21 Mar 2012 08:55:39 -0400
On Fri, Mar 16, 2012 at 12:50 PM, Paolo Perego <thesp0nge () gmail com> wrote:
Hi list, just 2 lines for promoting my new blog on application security: http://armoredcode.com The idea is to talk about appsec using the developers language so talking about testing frameworks and practices, libraries to enforce security, how to read a penetration test report, some "hands on" with live code examples and some interviews with appsec and developers superstar. If you would like to add it on your feed, it would be great.
For the love of <higher power>, please discuss the tool chain's static analysis capabilities, and suggest a clean compile as a security gate (gcc: -Wall -Wextra -Wconversion).
From my experience, its nearly impossible to 'quick audit' a GNU
project. Entering `make CFLAGS="-Wall -Wextra -Wconversion ..." causes so much output its difficult to locate/triage issues. You will be swimming against the tide with some of the l33t k3rn3l hack3rz: "Gcc is crap" [1]. Jeff [1] "[PATCH] Don't compare unsigned variable for <0 in sys_prctl()," http://linux.derkeiler.com/Mailing-Lists/Kernel/2006-11/msg08325.html. _______________________________________________ Secure Coding mailing list (SC-L) SC-L () securecoding org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates _______________________________________________
Current thread:
- A new blog on application security - armoredcode.com Paolo Perego (Mar 20)
- Re: A new blog on application security - armoredcode.com Jeffrey Walton (Mar 22)
- Re: A new blog on application security - armoredcode.com Paolo Perego (Mar 22)
- Re: A new blog on application security - armoredcode.com Jeffrey Walton (Mar 22)