discuss: New HOTWO Proposal - Source Code Auditing HOWTO
Subject:
New HOTWO Proposal - Source Code Auditing HOWTO
From:
Steve Kemp ####@####.####
Date:
10 May 2004 14:16:14 -0000
Message-Id: <20040510141613.GA22541@steve.org.uk>
I've been interested in computer security for a while, and have been
performing a lot of source code audits in my spare time.
As part of a website I'm trying to put together a document explaining
how these are constructed, and it seems logical to me that this could
be written in docbook format and submitted to the TLDP.
I've had a look over the current HOWTOs and I don't see anything
immediately comparable.
My intention is that the source code auditing HOWTO will fit the
gap between those documents describing secure programming practises
and those which describe how to exploit buggy software.
The piece is work in progress and is devided up as follows:
1. General
2. Intro
3. Choosing a target program.
4. Automated auditing with tools.
5. Manual inspection.
6. Reporting problems.
7. Further information.
Any comments would be greatfully received. I guess my biggest
concern right now is that the subject scope might be very narrow
and too specific to be interesting to other readers?
Steve
--
# Debian Security Audit Project
http://www.shellcode.org/Audit/