Category Archives: software

Unicode security attacks and test cases – Normalization expansion for buffer overflows

Normalization, like casing operations, can cause changes to the number of characters and bytes in a string. In testing software, I want to know how to get the most bang for my buck – in other words, what’s the minimal …

Posted in Unicode, software, testing

Code review checklists

I just learned about Guidance Explorer (from Alik Levin’s blog), which has been out for about a year and a half now. Looking for checklists and guidance for security reviews? The team there seems to have quite a bit of …

Posted in code review, security, software

Streamlining security code reviews

This is great. From: http://blogs.msdn.com/alikl/archive/2008/01/24/security-code-review-use-visual-studio-bookmarks-to-capture-security-findings.aspx

Security Code Review – Use Visual Studio Bookmarks To Capture Security Findings

How to streamline the process of capturing security flaws during security code review? How to save time and avoid switching between the tools? …

Posted in code review, security, software