[WEB SECURITY] Static Code Analysis... Problem/Solution
- From: "Rafal @ IsHackingYou" <rafal@xxxxxxxxxxxxxxxx>
- Subject: [WEB SECURITY] Static Code Analysis... Problem/Solution
- Date: Sun, 18 May 2008 22:49:30 -0500
Hey readers -

I've been researching the topic of Web App Sec "Whitebox" testing and have seen some significant failures and problems with the general concept in modern implementations. That being said, I've written a 2-part series of articles that I thought I would ask for the community's response on. Given that the first "problems" article has gotten some decent response, I posted the follow-up tonight... if you have a minute and would like to provide me some feedback, please give this a read.

Quick disclaimer: I work for HP ASC, so the view in the "solution" is obviously working off of the technology advancements we're implementing (that being said, it's *not* a product plug, I promise). Obviously the opinion here is mine, and no one else's... except where quoted.

Again, I appreciate everyone's constructive feedback and welcome any discourse on the topic. I honestly don't think we're giving this topic enough attention and hopefully this shines a spotlight.
Part 1: Static Code Analysis Failures
http://portal.spidynamics.com/blogs/rafal/archive/2008/05/06/Static-Code-Analysis-Failures.aspx

Part 2: Hybrid Analysis - The Answer to Static Code Analysis Shortcomings
http://portal.spidynamics.com/blogs/rafal/archive/2008/05/15/Hybrid-Analysis-_2D00_-The-Answer-to-Static-Code-Analysis-Shortcomings.aspx
Thanks!
__
Rafal (Ralph) M. Los
IT Security - Response | Mitigation | Strategy
E-mail: rafal at ishackingyou dot com
- gPGP: 0xFFC63B33
- Blog: http://preachsecurity.blogspot.com
- Blog: http://portal.spidynamics.com/blogs/rafal/
Brought to you by http://www.webappsec.org