Limits of Current Tools
Some Tools for Finding and Addressing Problems in Software
Nessus/AppScan: SQL injection, XSS, Overflows
Fuzz testers, Proxies: Input validation
Application-layer Firewalls, HIDS: Dealing with failures at run time, not removing them
These Tools Have Limits
They can't catch the classes of mistakes we're talking about
They encourage the misapplication of security techniques
- They identify specific symptoms, not basic problems
- They foster fix-ups, not prevention
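A concrete illustration of the symptom-versus-cause distinction above, added here as an example and not code from the original slides: a scanner reports SQL injection on one parameter, the "fix-up" is a quote-stripping filter that makes the scanner's canned payload stop working, and the same vulnerable construction stays exploitable in a numeric context the scanner never probed. The prevention is to stop building SQL text from data at all. The table, rows, and function names are constructed for this example.

```python
import sqlite3


def make_db():
    """Constructed in-memory sample database (not from the original page)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "alice", "admin"), (2, "bob", "user"), (3, "carol", "user")],
    )
    return conn


def strip_quotes(value):
    """Symptom-level fix-up: removes the one character the scanner's payload relied on."""
    return value.replace("'", "")


def lookup_by_name_fixup(conn, name):
    # Deliberately vulnerable pattern (string concatenation), "patched" only by the filter.
    sql = "SELECT id, name FROM users WHERE name = '%s'" % strip_quotes(name)
    return conn.execute(sql).fetchall()


def lookup_by_id_fixup(conn, user_id):
    # Same filter, numeric context: no quote is needed to break out, so the filter does nothing.
    sql = "SELECT id, name FROM users WHERE id = %s" % strip_quotes(user_id)
    return conn.execute(sql).fetchall()


def lookup_by_name_prevented(conn, name):
    # Root-cause fix: the value is bound as a parameter and never becomes SQL text.
    return conn.execute("SELECT id, name FROM users WHERE name = ?", (name,)).fetchall()


def lookup_by_id_prevented(conn, user_id):
    # A bound string that is not a well-formed number simply matches no INTEGER row.
    return conn.execute("SELECT id, name FROM users WHERE id = ?", (user_id,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    # Scanner payload against the name parameter: the filter makes it "go away".
    print("fix-up, scanner payload :", lookup_by_name_fixup(db, "x' OR '1'='1"))
    # Same root cause, different parameter: still returns every row.
    print("fix-up, numeric context :", lookup_by_id_fixup(db, "1 OR 1=1"))
    # Parameterized queries close both without any per-parameter filtering.
    print("prevented, name         :", lookup_by_name_prevented(db, "x' OR '1'='1"))
    print("prevented, id           :", lookup_by_id_prevented(db, "1 OR 1=1"))
```

The point the slide makes is visible in the two "fix-up" results: the check the scanner ran now passes, but the basic problem (untrusted data concatenated into a query) is untouched and still reachable through the next parameter.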
This page is maintained by Foofus.
Send comments or questions to foofus@foofus.net.