
RES: Fail Open Authentication and Parameter Injection

From: Mads Rasmussen <mads(at)opencs.com.br>
Date: Tue Mar 25 2003 - 14:00:20 EST

> -----Original Message-----
> From: Jeff Williams @ Aspect [mailto:jeff.williams@aspectsecurity.com]

<snip>

> You just can't beat actually looking at the code. You'll need to work out
> a process for reviewing the code and a standard to review against. You
> also need to make sure you've found ALL the code. But a code review will
> give you some real assurance that you've covered everything...in a way

Sure enough, but you often have to prioritize, opening the possibility of missing something.
Something that should get high priority would be:

  1. authentication
  2. content-modifying code, etc.

Mads

Received on Tue Mar 25 15:20:16 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:49 EDT

