December 3, 2003

Santum and SPI Dynamics Web App scanner shoot-out

Starting to look at web application scanners. January 2003 - Wide Open on Port 80 - How good are Web app scanners at rooting out vulnerabilities? We test two of the leading tools head-to-head to find out. This review of the two leading ones is interesting. It leaves something to be desired though. I understand network vulnerability scanning, you have lots of standard devices in lots of places. With web apps each one is a custom app. There are logic errors. There are specific features on them like the fuzzy numbers/letters that are there to specifically thward bots from running the app. You gotta have some human intervention.

Posted by Martin at 3:53 PM | Comments (0) | TrackBack

November 13, 2003

New CSO council of heavyweights

Looks like some serious companies are getting together to pow-wow about security. New CSO Council A good place for start-ups to go a'call'n.

Posted by Martin at 8:14 PM | Comments (0) | TrackBack

October 9, 2003

New SAN/FBI top 20 vulnerabilities

Read 'em and weep...SANS Top 20 Vulnerabilities - The Experts Consensus

Posted by Martin at 4:16 PM | Comments (0) | TrackBack

September 2, 2003

The virus that is GNU

<a title="GNU's Not Unix! - the GNU Project and the Free Software Foundation (FSF)" href="http://www.gnu.org/">GNU's Not Unix! - the GNU Project and the Free Software Foundation (FSF)</a> has created a virus that threatens the entire software world. It is the GPL. Linking to GPL'ed code can make your code part of it and therefore you do not have much IP protection. This is bad for all software developers. My friend Troy sent a good link to a well thought through tread on the subject:

One of the lists I skim, cni-copyright, covered the GPL in pretty good
detail:
https://mail2.cni.org/Lists/CNI-COPYRIGHT/List.html
.. then search for: Open Source Licensing

I'll let the thread stand by itself except to say that the FSF's enforcement of the license has been very consistent and at least *their* intent is very clear. Can't comment about anyone else's intent..

Troy

Posted by Martin at 8:22 AM | Comments (1) | TrackBack