[aklug] Re: Information Systems Audit

From: Doug Davey <doug.davey@gmail.com>
Date: Wed Feb 06 2013 - 11:51:45 AKST

Hey now, application developers are (supposed to be) very security
conscious. And leave it to system guys to just look at the traffic.

One of the most common ways for security to fail on a website is false form
submissions that include some sort of injection. Real application
developers will sanitize data and vet any incoming data carefully. That
said, comprehensive audit software is kinda lacking for web applications,
http://w3af.org/ is kinda close, and is a good place to start.

On Wed, Feb 6, 2013 at 11:48 AM, Tim Johnson <tim@akwebsoft.com> wrote:

> * Tom Simes <simestd@netexpress.com> [130206 11:28]:
> > On 02/06/13 11:05, Arthur Corliss wrote:
> > > I haven't started a flame war in a while, so...
> > >
> >
> > > Trust no one. Especially application developers.
> > >
> >
> > Don't forget those sneaky individuals that roll their own distros, no
> > telling WHAT they are stuffing in the folds ;)
> OK: here is a question for you paranoid sysadmins ((not that there's
> anything wrong with that) it's a good thing)
>
> Is there a way to test for compiled-in back-doors to say - a
> python, PHP or a perl interpreter?
>
> Could any of you sysadmins have caught that little hiccup in the JVM?
>
> http://www.pcworld.com/article/2025178/oracle-releases-java-fix-but-security-concerns-remain.html
> I'm old enough to have remembered "The Bomb" as in cold war, duck
> and cover etc.
>
> Methinks today's "The Bomb" is cyber security breaches.
> --
> Tim
> tim at tee jay forty nine dot com or akwebsoft dot com
> http://www.akwebsoft.com
> ---------
> To unsubscribe, send email to <aklug-request@aklug.org>
> with 'unsubscribe' in the message body.
>
>

Received on Wed Feb 6 11:51:54 2013

This archive was generated by hypermail 2.1.8 : Wed Feb 06 2013 - 11:51:54 AKST