Re: Secure programming FAQ?

From: Jose Nazario (joseat_private)
Date: Thu Jan 23 2003 - 17:03:42 PST

    On Fri, 24 Jan 2003 jeremydat_private wrote:
    
    > I'm curious if anyone maintains a FAQ or something similar that
    > discusses common failures of programmers in regards to security?  I
    > would especially be interested in common mistakes as well as real world
    > solutions to those mistakes.
    
    there are a couple of well maintained, freely available documents you
    should check out. one is a bit smaller than the other but they're both big
    and will be at least a few days of reading:
    
    	Secure UNIX Programming FAQ
    	http://www.whitefang.com/sup/
    
    	Secure Programming for Linux and Unix HOWTO
    	http://www.dwheeler.com/secure-programs/
    
    the others are worth reading:
    
    	Secure UNIX Programming FAQ (from comp.security.unix, dated)
    	http://www.faqs.org/faqs/unix-faq/programmer/secure-programming/
    
    	How to Write Secure Code (cool set of links)
    	http://www.shmoo.com/securecode/
    
    
    looking this over again it's all UNIX specific. i do not know what would
    be the good Win32 programming FAQs, i expect someone will offer a good
    list for the archives.
    
    ___________________________
    jose nazario, ph.d.			joseat_private
    					http://www.monkey.org/~jose/
    



    This archive was generated by hypermail 2b30 : Thu Jan 23 2003 - 17:14:28 PST