How to Create a Better Checklist

Bert Webb from Open Loops has some interesting tips on creating better checklists. Well worth reading.

BFBTester and other Auditing Tools

I tried out the nice bfbtester tool (Brute Force Binary Tester) today, which performs checks of single and multiple argument command line overflows as well as environment variable overflows and thus helps in finding possibly insecure software (and fixing it, of course).

A few minutes ago, I stumbled upon a very similar post by Nico Golde, who blogged about bfbtester today, too.

I'll probably post a slightly longer article eventually, listing some more tools for checking and auditing software (either black-box style using bfbtester or similar tools, or white-box style, i.e. tools which scan the source code of the software being tested, like rats, flawfinder, pscan etc.).

The Debian Security Audit Project (which I have joined recently in order to help a bit with auditing Debian packages) has some more information about a few Security Auditing Tools.

Syndicate content