Re: How T-Mobil's network was compromised
From: Willem Koenings <infsec () gmail com>
Date: Sat, 19 Feb 2005 16:12:29 +0200
On Fri, 18 Feb 2005 16:49:03 -0500, Valdis.Kletnieks () vt edu
<Valdis.Kletnieks () vt edu> wrote:
> On Fri, 18 Feb 2005 16:04:52 EST, bkfsec said:
>> Are you aware of any server software that has been so rigorously tested
>> that it has no flaws at all?
>> That would be one hell of a find...
>
> "Testing can reveal the presence of flaws, but not their absence" -- E. Dijkstra
In my belief, this is not completely true. Let's say we are testing
a web application, as this thread already started from one. Let's say
I'm testing the application with regard to input sanitizing. Code analysis
is one type of testing. When I do code analysis and look at how user
input is handled, I have these results:
- user input is correctly sanitized and there is no flaw
- user input is not correctly sanitized and there is a flaw
So the above saying is not always completely true. But you can't use
testing to find something you don't know at this exact moment -
all the best,