y bug class " when doing assessments or
deciding on my coding language.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of ljknews
Sent: Tuesday, February 05, 2008 8:37 PM
To: sc-l@securecoding.org
Subject: Re: [SC-L] Programming language comparison?
ljknews wrote:
> At 4:44 PM -0500 2/5/08, Steven M. Christey wrote:
>> On Mon, 4 Feb 2008, ljknews wrote:
>>
("%s" to fill up disk or memory, anybody?), so it's marked with
"All" and it's not in the C-specific view, even though there's a heavy
concentration of format strings
At 4:44 PM -0500 2/5/08, Steven M. Christey wrote:
> On Mon, 4 Feb 2008, ljknews wrote:
>
>> > ("%s" to fill up disk or memory, anybody?), so it's marked with
>> > "All" and it's not in the C-specific view, even though there's a heavy
>> > concentration of format strings in C/C++.
>>
>> It
Steven,
A while back Hal Burch and I wrote an article on "Programming Language
Format String Vulnerabilities" which is available here:
http://www.ddj.com/security/197002914
In the article we looked at the potential consequences of format string
vulnerabilities in Perl, PHP, Java, Python, and Rub
On Mon, 4 Feb 2008, ljknews wrote:
> > ("%s" to fill up disk or memory, anybody?), so it's marked with
> > "All" and it's not in the C-specific view, even though there's a heavy
> > concentration of format strings in C/C++.
>
> It is marked as "All" ?
>
> What is the construct in Ada that
At 4:41 PM -0500 2/4/08, Steven M. Christey wrote:
> On Mon, 4 Feb 2008, Robert A. Martin wrote:
>
>> You still need to add to that issues that apply to all languages
>> versus these lists of language specific weaknesses and C and C++ have
>> significant overlap given their relationship.
>
> Ther
My final paper for my master's degree was on how some vulnerabilities
manifest themselves, or fail to manifest, in different programming
languages. I included C, C++, Java, Perl, and Standard ML. The title
of the paper is "Implications of Programming Language Selection On
the Construction of Sec
Gentlemen,
Thanks for the contributions to my question. They've been helpful!
Vincent
Vincent Verhagen wrote:
> Hi all,
>
> I was referred to this list by a fellow security consultant for this
> specific question. Please forgive me if this is the wrong forum :)
>
> We're in the process of crea
On Mon, 4 Feb 2008, Robert A. Martin wrote:
> You still need to add to that issues that apply to all languages
> versus these lists of language specific weaknesses and C and C++ have
> significant overlap given their relationship.
There is an important point to keep in mind when using the (curre
Hi Vincent,
While not an overview, you can find language specific weaknesses for
C, Java, C++, and PHP on the "Other Views" page of the Common
Weakness Enumeration (CWE) Project (see
http://cwe.mitre.org/data/other.html).
The "List" items give the names of the issues, the "Slice" gives a
conca
Hi all,
I was referred to this list by a fellow security consultant for this
specific question. Please forgive me if this is the wrong forum :)
We're in the process of creating a kind of handbook for third parties
that develop web applications for us.
One (quite extensive, I'm happy to report)