mailing list archives
Re: A new blog on application security - armoredcode.com
From: Jeffrey Walton <noloader () gmail com>
Date: Wed, 21 Mar 2012 08:55:39 -0400
On Fri, Mar 16, 2012 at 12:50 PM, Paolo Perego <thesp0nge () gmail com> wrote:
Hi list, just 2 lines for promoting my new blog on application security:
The idea is to talk about appsec using the developers language so talking
about testing frameworks and practices, libraries to enforce security, how
to read a penetration test report, some "hands on" with live code examples
and some interviews with appsec and developers superstar.
If you would like to add it on your feed, it would be great.
For the love of <higher power>, please discuss the tool chain's static
analysis capabilities, and suggest a clean compile as a security gate
(gcc: -Wall -Wextra -Wconversion).
From my experience, its nearly impossible to 'quick audit' a GNU
project. Entering `make CFLAGS="-Wall -Wextra -Wconversion ..." causes
so much output its difficult to locate/triage issues.
You will be swimming against the tide with some of the l33t k3rn3l
hack3rz: "Gcc is crap" .
 "[PATCH] Don't compare unsigned variable for <0 in sys_prctl(),"
Secure Coding mailing list (SC-L) SC-L () securecoding org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates