Secure Coding mailing list archives
Re: A new blog on application security - armoredcode.com
From: Paolo Perego <thesp0nge () gmail com>
Date: Wed, 21 Mar 2012 14:31:08 +0100
On 21 March 2012 13:55, Jeffrey Walton <noloader () gmail com> wrote:
> On Fri, Mar 16, 2012 at 12:50 PM, Paolo Perego <thesp0nge () gmail com> wrote:
>> If you would like to add it on your feed, it would be great.
> For the love of <higher power>, please discuss the tool chain's static analysis capabilities, and suggest a clean compile as a security gate (gcc: -Wall -Wextra -Wconversion).
Hi Jeff, thanks for the suggestion... I was arguing if there were people interested in plain old-school security applied to non-web applications. Of course I'll cover static analysis and how to use compilers and interpreters to spot security bugs... I think some posts to recap what buffer overflow or format bug vulnerabilities are can be useful, what do you think about it? Does it make sense?
> From my experience, it's nearly impossible to 'quick audit' a GNU project. Entering `make CFLAGS="-Wall -Wextra -Wconversion ..."` causes so much output it's difficult to locate/triage issues.
It is... in this case, some grep command lines are more useful but it's a very interesting topic to go deeper.
> You will be swimming against the tide with some of the l33t k3rn3l hack3rz: "Gcc is crap" [1].
All assumptions about how perfect compilers or interpreters are go to /dev/null. Software is written by humans, so all software is bugged by definition. All checks are necessary.

Paolo
--
"... static analysis is fun, again!"
life from an application security guy ~> http://armoredcode.com
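
One way to triage the warning flood discussed in this thread, as an added example (not code from the thread or from armoredcode.com): it groups GCC diagnostics by the `[-W...]` option that raised them and gates only on the classes you name. The function names and the sample build log are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage a noisy GCC build log by warning class.
# Function names and the sample log below are constructed for illustration.

# Constructed sample of `make CFLAGS="-Wall -Wextra -Wconversion"` output.
sample_log() {
cat <<'EOF'
src/parse.c: In function 'read_len':
src/parse.c:42:18: warning: conversion to 'short int' from 'int' may alter its value [-Wconversion]
src/parse.c:57:9: warning: unused parameter 'ctx' [-Wunused-parameter]
src/net.c:103:25: warning: comparison between signed and unsigned integer expressions [-Wsign-compare]
src/net.c:120:14: warning: conversion to 'size_t' from 'int' may change the sign of the result [-Wsign-conversion]
src/util.c:12:5: warning: format '%s' expects a matching 'char *' argument [-Wformat=]
src/util.c:30:11: warning: conversion to 'unsigned char' from 'int' may alter its value [-Wconversion]
EOF
}

# Count warnings per option, most frequent first, as "<count> <flag>".
triage_warnings() {
    sed -n -E 's/^.*: warning: .*\[(-W[^]]+)\]$/\1/p' |
        LC_ALL=C sort | uniq -c | awk '{ print $1, $2 }' |
        LC_ALL=C sort -k1,1nr -k2,2
}

# List file:line for every warning raised by one option, e.g. -Wconversion.
locations_for() {
    grep -F -e "[$1]" | cut -d: -f1,2
}

# Security gate: return 1 if the log on stdin contains any warning
# raised by one of the options given as arguments.
gate() {
    log=$(cat); rc=0
    for flag in "$@"; do
        # grep -c exits 1 on zero matches; keep going so every flag is reported.
        n=$(printf '%s\n' "$log" | grep -c -F -e "[$flag]" || true)
        if [ "$n" -gt 0 ]; then
            echo "FAIL $flag: $n warning(s)" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Stand-alone demo: summary of the constructed log.
sample_log | triage_warnings
```

On a real tree, capture the build with `2>&1 | tee build.log` and feed the log to `triage_warnings` first, then to `gate` with the options you treat as blocking.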