On Fri, Mar 16, 2012 at 12:50 PM, Paolo Perego <thesp0...@gmail.com> wrote:
> Hi list, just 2 lines for promoting my new blog on application security:
> http://armoredcode.com
> The idea is to talk about appsec using the developers' language, so talking
> about testing frameworks and practices, libraries to enforce security, how
> to read a penetration test report, some "hands on" with live code examples
> and some interviews with appsec and developer superstars.
>
> If you would like to add it to your feed, it would be great.

For the love of <higher power>, please discuss the tool chain's static
analysis capabilities, and suggest a clean compile as a security gate
(gcc: -Wall -Wextra -Wconversion).

From my experience, it's nearly impossible to 'quick audit' a GNU
project. Entering `make CFLAGS="-Wall -Wextra -Wconversion ..."` causes
so much output that it's difficult to locate/triage issues.

You will be swimming against the tide with some of the l33t k3rn3l
hack3rz: "Gcc is crap" [1].

Jeff

[1] "[PATCH] Don't compare unsigned variable for <0 in sys_prctl(),"
http://linux.derkeiler.com/Mailing-Lists/Kernel/2006-11/msg08325.html.
_______________________________________________
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________
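
An added example, not part of the original message or any project it mentions: constructed C functions showing two defect classes that the flags named above report, each beside a form that compiles cleanly. All function names and the `BUF_SZ` value are assumptions made for illustration.

```c
/* Added example (constructed; not from the thread).
 * Gate build: gcc -Wall -Wextra -Wconversion -Werror -c gate_demo.c
 * (-Werror is added here so any warning fails the build.) */
#include <stddef.h>
#include <stdio.h>

#define BUF_SZ 16u

/* Dead check: unsigned subtraction wraps, so "< 0" can never be true.
 * -Wextra (through -Wtype-limits) reports the comparison as always false. */
int has_room_unchecked(unsigned int avail, unsigned int need)
{
    unsigned int remaining = avail - need;
    if (remaining < 0)
        return 0;
    return 1;
}

/* Compare before subtracting; no warning, and the check is live. */
int has_room_checked(unsigned int avail, unsigned int need)
{
    return need <= avail;
}

/* Narrowing: -Wconversion reports that size_t -> unsigned char may
 * change the value. 260 becomes 4, so an oversized length passes. */
int fits_unchecked(size_t claimed)
{
    unsigned char len8 = claimed;
    return len8 <= BUF_SZ;
}

/* Keep the full width through the bound check. */
int fits_checked(size_t claimed)
{
    return claimed <= BUF_SZ;
}

int main(void)
{
    printf("room(8,16): unchecked=%d checked=%d\n",
           has_room_unchecked(8, 16), has_room_checked(8, 16));
    printf("fits(260):  unchecked=%d checked=%d\n",
           fits_unchecked(260), fits_checked(260));
    return 0;
}
```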
