WebApp Sec mailing list archives
RE: [Webappsec] Corsaire whitepaper: Breaking the Bank (Vulnerabilities in Numeric Processing within Financial Applications)
From: "Martin O'Neal" <martin.oneal () corsaire com>
Date: Wed, 16 Jul 2008 11:02:43 +0100
this is fairly stupid.
LOL; more stupid than vacuous name calling, or less?
what financial institutions are using floating point and not decimal variables to represent their money? very few i'd guess. it hardly needs to be said that anyone using FP variables to do financial maths should be shot.
LOL2; unfortunately you have guessed wrong. Do not pass go. Do not collect ukp200. We see this kind of thing all the time in financial applications.
your last recommendation for c# is wrong. == is fine for numbers. your test above even proves it!
Er, obviously you have become confused due of the ambiguity of the bit where it says "This type of caching does not exist in C# as can be seen from the equivalent code example". Thanks for the constructive criticism though. Martin... ------------------------------------------------------------------------- Sponsored by: Watchfire Methodologies & Tools for Web Application Security Assessment With the rapid rise in the number and types of security threats, web application security assessments should be considered a crucial phase in the development of any web application. What methodology should be followed? What tools can accelerate the assessment process? Download this Whitepaper today! https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F -------------------------------------------------------------------------
Current thread:
- Re: [Webappsec] Corsaire whitepaper: Breaking the Bank (Vulnerabilities in Numeric Processing within Financial Applications) Andy Steingruebl (Jul 15)
- RE: [Webappsec] Corsaire whitepaper: Breaking the Bank (Vulnerabilities in Numeric Processing within Financial Applications) Martin O'Neal (Jul 16)
- <Possible follow-ups>
- Re: [Webappsec] Corsaire whitepaper: Breaking the Bank (Vulnerabilities in Numeric Processing within Financial Applications) silky (Jul 15)
- RE: [Webappsec] Corsaire whitepaper: Breaking the Bank (Vulnerabilities in Numeric Processing within Financial Applications) Martin O'Neal (Jul 16)
- Message not available
- RE: [Webappsec] Corsaire whitepaper: Breaking the Bank (Vulnerabilities in Numeric Processing within Financial Applications) Martin O'Neal (Jul 16)