Michael Howard (Principal Security Program Manager)

Multipass:
- Run all available tools
- Look for patterns
- Deeper review of riskiest code

What does the bad guy control?

- SQL injection issues
- Crypto issues (i.e. SHA512)
- Server XSS: AntiXSS library
- Integer Arithmetic issues
- Buffer overflow

Build or buy a fuzzer


 