[aklug] Re: Information Systems Audit

From: Shane Spencer <shane@bogomip.com>
Date: Wed Feb 06 2013 - 14:25:36 AKST

Honestly.. I find the best approach to discovering the unknown to be
starting from square one without any shortcuts. I like the idea of having
two teams - one to use the software and find obvious issues and work on
them and one elite haxor ninja crew to try everything else.

Ain't no such thing as the best solution. That said.. always ask your
friends to hack you. :) In fact that should just be a thing at all times..
hack your buddies.

- Shane

On Wed, Feb 6, 2013 at 1:30 PM, Doug Davey <doug.davey@gmail.com> wrote:

> The point of the audit software is to give a finite list of flaws. If
> you don't punch holes in your own security, and can detect when others do,
> you can catch the tortoise.
>
> I think that the only way to build a secure site of a large size is to use
> test based programming. That way any change to the program is verified
> against all previous development automatically.
>
>
> On Wed, Feb 6, 2013 at 12:36 PM, Marc Grober <marc@interak.com> wrote:
>
>>
>>
>> On Feb 6, 2013, at 11:21 AM, Tom Simes <simestd@netexpress.com> wrote:
>> > Don't forget those sneaky individuals that roll their own distros, no
>> > telling WHAT they are stuffing in the folds ;)
>>
>> Virtually anything can be hidden in plain sight in a *x system. As an SA
>> do you run a regular report on changed time stamps? Clock anomalies?
>> Reboots? sudo and su? How do you sort and address alarms and warnings? If
>> you can't stop whatever, can you detect & remediate quickly enough? Bottom
>> line is one of your worst enemies is your user demand for speed. Get rid of
>> the users and life would be much more secure ;-)
>>
>> ---------
>> To unsubscribe, send email to <aklug-request@aklug.org>
>> with 'unsubscribe' in the message body.
>>
>>
>

Received on Wed Feb 6 14:25:46 2013

This archive was generated by hypermail 2.1.8 : Wed Feb 06 2013 - 14:25:46 AKST