Vulnerability Development mailing list archives
Re: Generalized List of Threats and Vulnerabilities
From: sarnold () WILLAMETTE EDU (Seth R Arnold)
Date: Fri, 21 Jan 2000 10:56:11 -0800
Dave, my first thought is Bruce Schneier's Applied Cryptography. It is not only encryption algorithms; he stresses the need for secure protocols within which the encryption algorithms can be used. My next thought is Elias Levy's (Aleph1, moderator of another SecurityFocus.com mailing list, bugtraq) Smashing the Stack for Fun and Profit. (I hope I got that correct.) It is an essay he wrote in a recent issue of phrack (phrack.com I think.) (But, this is an essay about a specific form of attack, but it is generalized away from specific attacks. If I recall. :) Maybe our friends over at openbsd.org have some good information. I remember a chapter or two in the Perl book, with some nice info related to CGI problems that are common -- anything you get from the user or from clients or from servers needs to be checked to ensure it is sane. hth On Fri, Jan 21, 2000 at 12:12:38PM -0500, Dave Drake wrote:
Does anyone know a good URL for a discussion that speaks toThreats and Vulnerabilities in a generalized fashion. I am building a device and wish to discuss it in a Concept of Operations document with respect to how it stacks up against a generalized type list. Thx in advance, Dave Ducke
-- Seth Arnold | http://www.willamette.edu/~sarnold/ Hate spam? See http://maps.vix.com/rbl/ for help Hi! I'm a .signature virus! Copy me into your ~/.signature to help me spread!
Current thread:
- Re: Secure coding in C (was Re: Administrivia #4883), (continued)
- Re: Secure coding in C (was Re: Administrivia #4883) Warner Losh (Jan 17)
- Re: Secure coding in C (was Re: Administrivia #4883) Tellier, Brock (Jan 20)
- Re: Secure coding in C (was Re: Administrivia #4883) Marco Walther (Jan 20)
- Re: Secure coding in C (was Re: Administrivia #4883) Seth R Arnold (Jan 21)
- Re: Secure coding in C (was Re: Administrivia #4883) Blue Boar (Jan 21)
- Re: Secure coding in C (was Re: Administrivia #4883) Mikael Olsson (Jan 21)
- Re: Secure coding in C (was Re: Administrivia #4883) Marco Walther (Jan 21)
- Re: Secure coding in C (was Re: Administrivia #4883) CyberPsychotic (Jan 22)
- Re: Secure coding in C (was Re: Administrivia #4883) Marc Esipovich (Jan 21)
- Generalized List of Threats and Vulnerabilities Dave Drake (Jan 21)
- Re: Generalized List of Threats and Vulnerabilities Seth R Arnold (Jan 21)
- Re: Generalized List of Threats and Vulnerabilities Crispin Cowan (Jan 23)
- Re: Generalized List of Threats and Vulnerabilities John Duksta (Jan 21)
- Administrivia #5218 Blue Boar (Jan 21)
- Re: Administrivia #5218 Imran Ghory (Jan 22)
- Re: Administrivia #5218 kjkotas (Jan 22)
- Re: Administrivia #5218 Granquist, Lamont (Jan 24)
- Re: Administrivia #5218 Bob Fiero (Jan 22)
- bruterh.sh & syslogd & [g]libc & proftpd & wu-ftpd & sendmail Michal Zalewski (Jan 23)
- things to break.. Inedag () AOL COM (Jan 23)
- CGI insecurities hypoclear - lUSt - (Linux Users Strike Today) (Jan 23)