Chapter 11: Simple Source Auditing Tools

Overview

A quick perusal of security web sites and mailing lists that catalog software vulnerabilities reveals a noticeable trend: Buffer overflows are responsible for remote vulnerabilities in software—regardless of the vendor, hardware, or operating system. It would be nice to have an extra compile option that would totally “securify” code as it is built. Some blame buffer overflows on the capability of C and C++ to handle raw memory and set pointers; they see these capabilities as inherent insecurities in the language.

Active Server Pages (ASP), Perl, Python, and PHP have their own insecurities—the world of hacking web applications based on these languages is alive and well. But well-written code, written in any language, tends to be secure code. The OpenBSD project lives by the tenet that security derives from diligent bug fixing. If, for example, someone discovers that one program uses the snprintf function incorrectly, a bug hunt is called in every other program that uses the snprintf function. Not every bug leads to a security vulnerability in the sense of a remote exploit, but stability, maintainability, and proactive defenses are all part of an excellent application.
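The snprintf bug hunt mentioned above is worth making concrete, because the function's most common misuse is subtle: snprintf returns the number of characters it wanted to write, not the number it actually wrote, so the idiom `len += snprintf(buf + len, sizeof buf - len, ...)` silently runs `len` past the end of the buffer once one call truncates, and the next call is handed a wrapped-around size. The following C is an added example written for this chapter, not code from the book or from OpenBSD; it shows the safe accounting pattern an auditor would expect to find, beside a function that computes (without touching memory) the size the buggy pattern would pass on the next call. The function names and the 8-byte buffer are constructed for the demonstration.

```c
#include <stdio.h>
#include <string.h>

/* Correct pattern: append s to buf, tracking *used, and clamp the value returned
   by snprintf before using it as an offset. Returns 0 on success, -1 if the output
   was truncated or snprintf failed. buf is always NUL-terminated on return. */
int safe_append(char *buf, size_t cap, size_t *used, const char *s)
{
    if (cap == 0 || *used >= cap)
        return -1;                               /* nothing can be written */
    int n = snprintf(buf + *used, cap - *used, "%s", s);
    if (n < 0)
        return -1;                               /* encoding error */
    if ((size_t)n >= cap - *used) {              /* n is the length snprintf WANTED,
                                                    not the length that fit */
        *used = cap - 1;                         /* buffer is full (minus the NUL) */
        return -1;
    }
    *used += (size_t)n;
    return 0;
}

/* Models the buggy accounting `len += snprintf(buf + len, sizeof buf - len, ...)`
   without writing to memory: returns the "remaining size" the buggy code would pass
   to the next snprintf call. Once the wanted length exceeds the capacity, len runs
   past cap and the unsigned subtraction wraps to a huge size_t, so the next call is
   told it may write almost the whole address space starting at buf + len. */
size_t buggy_remaining(size_t cap, size_t used, const char *s)
{
    int n = snprintf(NULL, 0, "%s", s);          /* length the call would report */
    size_t new_used = used + (size_t)n;          /* what `len += snprintf(...)` stores */
    return cap - new_used;                       /* wraps when new_used > cap */
}

/* Constructed scenario: two appends into an 8-byte buffer. Returns the final used
   count and sets *truncated to 1 if the second append reported truncation. */
size_t safe_demo(int *truncated)
{
    char buf[8];
    size_t used = 0;
    safe_append(buf, sizeof buf, &used, "hello");             /* fits: used == 5 */
    *truncated = safe_append(buf, sizeof buf, &used, "world!") == -1;
    return used;                                              /* clamped to 7 */
}

int main(void)
{
    int truncated = 0;
    size_t used = safe_demo(&truncated);
    printf("safe:  used=%zu truncated=%d\n", used, truncated);
    printf("buggy: size passed to next call = %zu (capacity is 8)\n",
           buggy_remaining(8, 5, "world!"));
    return 0;
}
```

In an audit, every occurrence of `+= snprintf` (or of a `sizeof buf - len` argument whose `len` is never clamped) is a candidate for exactly this defect, which is why a single confirmed misuse justifies a sweep of every other caller.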

Anti-Hacker Tool Kit, Third Edition
ISBN: 0072262877
Year: 2004
Pages: 189