Re: Vuln Scanner for Web App Source Code



Hi..

Mildly on-topic, I had just made a post to our external blog, on the
sorts of bugs that a WAF/Code Analyzer will never find:
http://www.sensepost.com/blog/2237.html

ActiveX Repurposing.. (aka: Other bugs your static analyzer will never
find..) (aka 0day^H^H 485day bug!)

/mh

--
Haroon Meer, SensePost Information Security | http://www.sensepost.com/blog/ PGP: http://www.sensepost.com/pgp/haroon.txt | Tel: +27 83786 6637
