RE: Code Assessment

From: ken kousky (kkousky@ip3inc.com)
Date: Thu Apr 15 2004 - 09:30:27 CDT


The way I learned most about our open coded vulnerabilities was through a
free site scan by Spi Dynamics. Not trying to sell a vendor product since
they'll do a free scan for you to help you understand what's out there. The
report that they provide is a great starting point to see what you're up
against. Well worth the time and effort. www.Spidynamics.com should have a
link somewhere for the free test. If they don't show it on the site, call
and ask for a sales rep, I know they'll still do them for qualified
accounts.

KWK

-----Original Message-----
From: Bobby, Paul [mailto:paul.bobby@lmco.com]
Sent: Wednesday, April 14, 2004 10:03 AM
To: secprog@securityfocus.org
Subject: Code Assessment

I appreciate the discussions on various coding methodologies, however I've
been asked to approach application testing from a penetration point of view.

I'm just beginning my research into this topic, and wanted to ask within
this list early on.

I am looking to assess the integrity of an application either by scanning
the source code for potential problems (like a security lint for example),
and secondly, various tools that test the application in runtime.

The majority of applications to be assessed are written in ColdFusion,
Java, C/C++ and some ASP.

Thank you

Paul Bobby
Lockheed Martin Systems Integration
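The "security lint" Paul describes, as an added example that is not part of either message on this page and not any vendor's tool: a line-oriented scanner over the four languages he lists, with a small hypothetical rule set (unbounded string copies and user-controlled format strings in C, SQL built by string concatenation in Java and ASP, input echoed straight back in ASP, and raw #form.x# / #url.x# interpolation inside a ColdFusion <cfquery> with no <cfqueryparam>). The sample sources are constructed for the example. A scanner like this is the starting point of the static half of the assessment; it finds candidate sites for review, not confirmed vulnerabilities, and the runtime testing the question also asks about is a separate exercise.

```python
"""
Minimal security lint: flag source constructs worth a manual review in
C, Java, ASP and ColdFusion files.  Added example with a hypothetical,
illustrative rule set; not a substitute for a real analyzer.
"""
import os
import re
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Finding:
    path: str
    line: int
    rule: str
    snippet: str


# SQL string literal immediately followed by concatenation
# ("+" in Java, "&" in VBScript/ASP): classic SQL injection shape.
SQL_CONCAT = re.compile(
    r'"[^"]*\b(select|insert|update|delete)\b[^"]*"\s*[+&]', re.I)

RULES = {
    ".c": [
        ("unbounded-copy", re.compile(r"\b(strcpy|strcat|sprintf|gets)\s*\(")),
        # printf whose first argument is an identifier, not a string literal
        ("format-string", re.compile(r"\bprintf\s*\(\s*[A-Za-z_]\w*\s*[,)]")),
    ],
    ".java": [
        ("sql-concat", SQL_CONCAT),
        ("os-command", re.compile(r"Runtime\.getRuntime\(\)\.exec\(")),
    ],
    ".asp": [
        ("sql-concat", SQL_CONCAT),
        ("reflected-input", re.compile(r"Response\.Write\s*\(?\s*Request\b", re.I)),
    ],
}
RULES[".cpp"] = RULES[".h"] = RULES[".c"]

# ColdFusion: request-scoped variable interpolated inside a <cfquery>.
CF_INTERP = re.compile(r"#(form|url|cookie)\.\w+#", re.I)
CF_OPEN = re.compile(r"<cfquery\b", re.I)
CF_CLOSE = re.compile(r"</cfquery>", re.I)


def lint_source(path: str, text: str) -> List[Finding]:
    """Return findings for one file; rules are chosen by file extension."""
    ext = os.path.splitext(path)[1].lower()
    findings: List[Finding] = []
    in_query = False
    for lineno, line in enumerate(text.splitlines(), start=1):
        if ext in (".cfm", ".cfc"):
            if CF_OPEN.search(line):
                in_query = True
            # Interpolation is only flagged when it is not wrapped in cfqueryparam.
            if in_query and CF_INTERP.search(line) and "cfqueryparam" not in line.lower():
                findings.append(Finding(path, lineno, "cfquery-unparameterized", line.strip()))
            if CF_CLOSE.search(line):
                in_query = False
            continue
        for rule, pattern in RULES.get(ext, []):
            if pattern.search(line):
                findings.append(Finding(path, lineno, rule, line.strip()))
    return findings


def lint_files(sources: Dict[str, str]) -> List[Finding]:
    """Scan a mapping of path -> file contents (in-memory, so it runs offline)."""
    out: List[Finding] = []
    for path, text in sources.items():
        out.extend(lint_source(path, text))
    return out


# Constructed sample sources, one per language in the question.
SAMPLES = {
    "greet.c": (
        "#include <stdio.h>\n"
        "#include <string.h>\n"
        "void greet(const char *name) {\n"
        "    char buf[32];\n"
        "    strcpy(buf, name);   /* no length check */\n"
        "    printf(buf);         /* caller data used as the format */\n"
        "}\n"
    ),
    "UserDao.java": (
        "public class UserDao {\n"
        "    ResultSet find(Statement stmt, String name) throws SQLException {\n"
        "        String q = \"SELECT * FROM users WHERE name = '\" + name + \"'\";\n"
        "        return stmt.executeQuery(q);\n"
        "    }\n"
        "}\n"
    ),
    "login.asp": (
        "<%\n"
        "name = Request.QueryString(\"name\")\n"
        "sql = \"SELECT * FROM users WHERE name = '\" & name & \"'\"\n"
        "Set rs = conn.Execute(sql)\n"
        "Response.Write Request.QueryString(\"name\")\n"
        "%>\n"
    ),
    "search.cfm": (
        "<cfquery name=\"q\" datasource=\"db\">\n"
        "  SELECT * FROM users WHERE name = '#form.name#'\n"
        "</cfquery>\n"
        "<cfquery name=\"q2\" datasource=\"db\">\n"
        "  SELECT * FROM users WHERE name = <cfqueryparam value=\"#form.name#\" cfsqltype=\"cf_sql_varchar\">\n"
        "</cfquery>\n"
        "<cfoutput>#form.name#</cfoutput>\n"
    ),
}


if __name__ == "__main__":
    for f in lint_files(SAMPLES):
        print(f"{f.path}:{f.line}: [{f.rule}] {f.snippet}")
```

Run as a script it prints one line per finding in path:line: [rule] form, which is the shape a reviewer wants for triage. Every rule here is a regular expression over single lines, so it will miss anything split across lines or routed through a helper and will flag safe code that merely looks dangerous; treat the output as a worklist for the manual review, and expect a real tool to do data-flow analysis rather than pattern matching.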