Vulnerability Development mailing list archives

Re: Generalized List of Threats and Vulnerabilities


From: sarnold () WILLAMETTE EDU (Seth R Arnold)
Date: Fri, 21 Jan 2000 10:56:11 -0800


Dave, my first thought is Bruce Schneier's Applied Cryptography. It is
not only encryption algorithms; he stresses the need for secure protocols
within which the encryption algorithms can be used.

My next thought is Elias Levy's (Aleph1, moderator of another
SecurityFocus.com mailing list, bugtraq) Smashing the Stack for Fun and
Profit. (I hope I got that correct.) It is an essay he wrote in a recent
issue of phrack (phrack.com I think.) (But, this is an essay about a
specific form of attack, but it is generalized away from specific attacks.
If I recall. :)

Maybe our friends over at openbsd.org have some good information.

I remember a chapter or two in the Perl book, with some nice info related to
CGI problems that are common -- anything you get from the user or from
clients or from servers needs to be checked to ensure it is sane.

hth

On Fri, Jan 21, 2000 at 12:12:38PM -0500, Dave Drake wrote:
Does anyone know a good URL for a discussion that speaks to Threats and
Vulnerabilities in a generalized fashion? I am building a device and wish to
discuss it in a Concept of Operations document with respect to how it stacks up
against a generalized type list.
Thx in advance,
Dave Ducke

--
Seth Arnold | http://www.willamette.edu/~sarnold/
Hate spam? See http://maps.vix.com/rbl/ for help
Hi! I'm a .signature virus! Copy me into
your ~/.signature to help me spread!


