Michael Howard (Principal Security Program Manager)
Multi-pass code review:
- Pass 1: run all available static analysis tools
- Pass 2: look for known-bad patterns
- Pass 3: deeper manual review of the riskiest code (the code that touches attacker-supplied data)
What does the bad guy control? Trace attacker-controlled data to where it is used and check for:
- SQL injection issues
- Crypto issues (e.g. hash algorithm choice, such as SHA-512)
- Server-side XSS: use the AntiXSS library for output encoding
- Integer arithmetic issues (overflow/underflow in length and size calculations)
- Buffer overflows
Build or buy a fuzzer for the code that parses attacker-supplied input
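Added example (not from the talk or from Michael Howard's material) tying together the "what does the bad guy control" review of integer arithmetic and buffer overflows with the "build or buy a fuzzer" advice. The record format (a 4-byte little-endian length followed by that many payload bytes), the function names and the fuzzer are all constructed for this illustration. The vulnerable length check does arithmetic on the attacker-controlled length, which wraps in 32 bits; the hardened check compares against the bytes actually present and caps the value. A small mutation fuzzer with an "interesting values" strategy then shows that the buggy check accepts inputs the hardened one rejects, while the hardened parser never reports more bytes than exist.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed record format (an assumption for this example, not from the talk):
 * 4-byte little-endian length, then that many payload bytes. */
#define MAX_PAYLOAD 64

static uint32_t read_u32le(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* VULNERABLE: the attacker controls len. len + 4 is computed in 32-bit
 * unsigned arithmetic and wraps for len >= 0xFFFFFFFC, so the check passes
 * and a caller that trusts it would memcpy ~4 GB out of a 20-byte buffer. */
int vuln_len_ok(uint32_t len, size_t in_len) {
    return len + 4 <= in_len;
}

/* HARDENED: validate the header first, compare the attacker-supplied value
 * against the remaining bytes without doing arithmetic on it, and cap it. */
int safe_len_ok(uint32_t len, size_t in_len) {
    if (in_len < 4) return 0;
    return len <= in_len - 4 && len <= MAX_PAYLOAD;
}

/* Parser built on the hardened predicate. Returns payload length, or -1. */
int parse_record(const uint8_t *in, size_t in_len, uint8_t out[MAX_PAYLOAD]) {
    if (in_len < 4) return -1;
    uint32_t len = read_u32le(in);
    if (!safe_len_ok(len, in_len)) return -1;
    memcpy(out, in + 4, len);
    return (int)len;
}

/* Minimal mutation fuzzer: deterministic xorshift32 PRNG so runs reproduce. */
static uint32_t xs_state;
static uint32_t xs_next(void) {
    uint32_t x = xs_state;
    x ^= x << 13; x ^= x >> 17; x ^= x << 5;
    return xs_state = x;
}

/* Boundary values a fuzzer should always try in a length field. */
static const uint32_t interesting[] = {0, 1, 0x7FFFFFFFu, 0x80000000u,
                                       0xFFFFFFFEu, 0xFFFFFFFFu};

static void mutate(uint8_t *buf, size_t n) {
    switch (xs_next() % 3) {
    case 0:  /* flip one bit somewhere in the record */
        buf[xs_next() % n] ^= (uint8_t)(1u << (xs_next() % 8));
        break;
    case 1:  /* overwrite one byte with a random value */
        buf[xs_next() % n] = (uint8_t)xs_next();
        break;
    default: { /* write an interesting value into the length field */
        uint32_t v = interesting[xs_next() % 6];
        buf[0] = (uint8_t)v; buf[1] = (uint8_t)(v >> 8);
        buf[2] = (uint8_t)(v >> 16); buf[3] = (uint8_t)(v >> 24);
    }
    }
}

struct fuzz_result {
    int vuln_hits;   /* inputs the vulnerable check accepts but the hardened check rejects */
    int violations;  /* hardened parser returned more bytes than exist or than MAX_PAYLOAD */
};

/* Runs iters mutated copies of a constructed 16-byte record through both
 * length checks and the hardened parser. */
struct fuzz_result fuzz_run(int iters) {
    uint8_t seed[4 + 16], buf[sizeof seed], out[MAX_PAYLOAD];
    struct fuzz_result r = {0, 0};
    memset(seed, 'A', sizeof seed);
    seed[0] = 16; seed[1] = seed[2] = seed[3] = 0;   /* valid length header */
    xs_state = 0x9E3779B9u;
    for (int i = 0; i < iters; i++) {
        memcpy(buf, seed, sizeof buf);
        mutate(buf, sizeof buf);
        uint32_t len = read_u32le(buf);
        if (vuln_len_ok(len, sizeof buf) && !safe_len_ok(len, sizeof buf))
            r.vuln_hits++;
        int n = parse_record(buf, sizeof buf, out);
        if (n > MAX_PAYLOAD || n > (int)(sizeof buf - 4))
            r.violations++;
    }
    return r;
}

int main(void) {
    struct fuzz_result r = fuzz_run(2000);
    printf("vulnerable check fooled %d times, hardened parser violations: %d\n",
           r.vuln_hits, r.violations);
    return r.violations != 0;
}
```

The review question to ask at `vuln_len_ok` is exactly the talk's: the bad guy controls `len`, so any arithmetic on it before the bounds check is suspect. The fuzzer only finds this because it tries boundary values in the length field; random byte mutations alone would almost never produce a value above 0xFFFFFFFC.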