Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
RE: Code Assessment
From: ken kousky (kkouskyip3inc.com)
Date: Thu Apr 15 2004 - 09:30:27 CDT
The way I learned most about our open coded vulnerabilities was through a
free site scan by Spi Dynamics. Not trying to sell a vendor product since
they'll do a free scan you to help you understand what's out there. The
report that they provide is a great starting point to see what you're up
against. Well worth the time and effort. www.Spidynamics.com should have a
link somewhere for the free test. If they don't show it on the site, call
and ask for a sales rep, I know they'll still do them for qualified
From: Bobby, Paul [mailto:paul.bobbylmco.com]
Sent: Wednesday, April 14, 2004 10:03 AM
Subject: Code Assessment
I appreciate the discussions on various coding methodologies, however I've
been asked to approach application testing from a penetration point of view.
I'm just beginning my research in to this topic, and wanted to ask within
this list early on.
I am looking to assess the integrity of an application either by scanning
the source code for potential problems (like a security lint for example),
and secondly, various tools that test the application in runtime.
The majority of applications to be assessed are written in cold fusion,
java, c/c++ and some .asp.
Lockheed Martin Systems Integration