A new piece of software promises to provide an instant audit of source code, notifying developers of insecure coding practices and vulnerabilities.
CodeScan, developed by CodeScan Labs and released by Security-Assessment.com, analyses source code looking for vulnerabilities such as cross-site scripting, SQL injection and missing input filtering.
To process the source files, CodeScan attempts to emulate a Web server by interpreting the source code. The processing starts at the main or global function of the source file, and traces the execution flow into and between functions and other routines. Variable assignments are then tracked, allowing CodeScan to build a picture of what has happened to a variable in its lifetime.
"By tracking the assignment of possible user input, CodeScan can make intelligent decisions about whether the input is used in a dangerous way," said Drazen Drazic, general manager of Security-Assessment.com Australia.
He said most of the CodeScan rules are based around the detection of functions that are used with user-supplied input that has not been "filtered or sanitized".
CodeScan traces the possible values of variables as part of its vulnerability detection engine. During the life of a variable, values may be passed through functions that can perform 'filtering' of user-supplied input. CodeScan attempts to rank these functions and gives them a 'filter score'.
According to Drazic, CodeScan comes with information on the most commonly used syntax terms for each language with a predetermined filter score. Filter scores range between 0 and 100.
"Reported results with a low value or a value of zero are more likely to be vulnerable than those results with a higher value. This filtering allows the user to make a good judgement about whether a reported vulnerability could be exploited by a malicious user, and is used to reduce the number of false positives reported," he said.
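The approach described above (follow user input through assignments, score the filtering functions it passes through, and rank each reported sink by the weakest filter on its path) can be illustrated with a small taint tracker. The code below is an added example written for this page, not CodeScan's engine or rule set; the ASP-like mini-language it parses, the filter-score table, the sink list and the sample program are all constructed assumptions for illustration.

```python
"""Toy taint tracker in the spirit of the filter-score idea described above.

Constructed example: the mini-language, FILTER_SCORES, SINKS and
SAMPLE_ASP are assumptions for illustration, not CodeScan's real data.
"""
import re
from dataclasses import dataclass

# Assumed filter table: 0..100, higher means stronger sanitisation.
FILTER_SCORES = {
    "Server.HTMLEncode": 90,  # output encoding neutralises HTML metacharacters
    "CInt": 100,              # numeric coercion leaves nothing injectable
    "Replace": 40,            # partial: only as good as what is replaced
    "Trim": 0,                # whitespace only, no security effect
}

# Assumed sinks: dangerous calls and the flaw a tainted argument implies.
SINKS = {
    "Response.Write": "cross-site scripting",
    "conn.Execute": "SQL injection",
}

SOURCE_RE = re.compile(r'^Request(?:\.(?:Form|QueryString))?\("[^"]*"\)$')
ASSIGN_RE = re.compile(r"^(\w+)\s*=\s*(.+)$")
CALL_RE = re.compile(r"^([\w.]+)\((.*)\)$")


@dataclass
class Finding:
    line: int
    sink: str
    flaw: str
    score: int  # weakest filter on the path: lower means more likely exploitable


def score_of(expr, taint):
    """Return the filter score of an expression, or None if it is untainted.

    `taint` maps variable names to the best filter score applied so far.
    Concatenated terms ("a" & b) combine pessimistically: the weakest
    tainted term decides the result.
    """
    scores = []
    for term in (t.strip() for t in expr.split("&")):
        if term.startswith('"'):          # string literal: never tainted
            continue
        if SOURCE_RE.match(term):         # user input enters here
            scores.append(0)
            continue
        call = CALL_RE.match(term)
        if call and call.group(1) in FILTER_SCORES:
            # Simplification: only the first argument is the filtered data;
            # remaining arguments are assumed to be constants.
            inner = score_of(call.group(2).split(",")[0], taint)
            if inner is not None:
                scores.append(max(inner, FILTER_SCORES[call.group(1)]))
            continue
        if term in taint:                 # plain variable reference
            scores.append(taint[term])
    return min(scores) if scores else None


def analyze(source):
    """Walk the program top to bottom, track taint per variable, report sinks."""
    taint = {}
    findings = []
    for lineno, raw in enumerate(source.strip().splitlines(), start=1):
        line = raw.strip()
        assign = ASSIGN_RE.match(line)
        if assign:
            var, expr = assign.groups()
            s = score_of(expr, taint)
            if s is None:
                taint.pop(var, None)      # reassigned from clean data
            else:
                taint[var] = s
            continue
        for sink, flaw in SINKS.items():
            if line.startswith(sink + " "):
                s = score_of(line[len(sink):], taint)
                if s is not None:
                    findings.append(Finding(lineno, sink, flaw, s))
    # Lowest score first: these are the reports most worth a human's time.
    return sorted(findings, key=lambda f: f.score)


# Constructed ASP-like sample program (not real application code).
SAMPLE_ASP = """
name = Request.QueryString("name")
id = Request.Form("id")
safe_name = Server.HTMLEncode(name)
safe_id = CInt(id)
trimmed = Trim(name)
Response.Write "Hello " & safe_name
Response.Write "Hello " & trimmed
conn.Execute "SELECT * FROM users WHERE id=" & safe_id
conn.Execute "SELECT * FROM users WHERE name='" & Replace(name, "'", "''") & "'"
name = "guest"
Response.Write name
"""

if __name__ == "__main__":
    for f in analyze(SAMPLE_ASP):
        print(f"line {f.line}: {f.flaw} via {f.sink} (filter score {f.score})")
```

Running it reports the `Trim`-only path at score 0 first, the `Replace` path at 40, then the `HTMLEncode` and `CInt` paths at 90 and 100, which a reviewer would treat as probable false positives; the final `Response.Write name` produces no report because the variable was reassigned from a literal before reaching the sink.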
The current version is for ASP with PHP to follow. Drazic said Java and .Net versions were also in development.
Security-Assessment.com, the sister company of CodeScan Labs, is the distributor and also the reseller of CodeScan in Australia. Drazic said it is currently looking at developing a reseller channel and is in discussions with a few organizations.
Licences are subscription-based and priced on the number of seats. There is also a package for consultants.