X05. An Overview of Source Code Scanning Tools. Loulwa Salem. Las Vegas, NV. IBM Corporation IBM System p, AIX 5L & Linux Technical University
1 X05 An Overview of Source Code Scanning Tools Loulwa Salem Las Vegas, NV
2 Objectives
This session will introduce better coding practices and tools available to aid developers in producing more secure code. At the end of this session, you will:
- Get an overview of code vulnerabilities
- Get an overview of common coding mistakes
- Get an introduction to source code scanners
- Learn about IBM's efforts in the source code vulnerability space
3 Agenda
- Definitions
- Overview
- Common Exploits
- Better Coding Practices
- Overview of Source Code Scanners
- IBM's Efforts in Vulnerability Space
- Demo
4 Definitions
- Software Bug: An error, flaw, mistake, failure, or fault in a computer program that prevents it from working as intended, or produces an incorrect result
- Security Vulnerability: A weakness or a bug in a system allowing an attacker to violate the integrity, confidentiality, access control, availability, consistency or audit mechanism of the system or the data and applications it hosts
5 Definitions
- Computer Virus: a self-replicating computer program that spreads by inserting copies of itself into other executable code or documents
- Computer Worm: a self-replicating computer program similar to a virus. A worm is self-contained and does not need to be part of another program to propagate itself
7 Motivation: Vulnerability Statistics
[Chart: vulnerabilities by year. Source: CERT/CC Statistics]
8 Bits of History: Famous viruses and worms
- Elk Cloner: First known computer virus
- Melissa virus: March 1999 ($80M in damage)
- Love Bug worm: May 2000 (Billions of dollars in damage)
- Code Red worm: July 2001 ($1.2B in damage)
- Bugbear virus: October 2002 and then in
9 Bits of History: Famous viruses and worms (Cont'd)
- Blaster worm: August 2003
- Mydoom worm: January 2004. Fastest spreading worm as of 2004
- Santy worm: first known webworm, December 2004
- Samy worm: October 2005. Fastest spreading worm as of
10 Cause of Code Vulnerabilities
- Lack of focus on security and secure programming techniques
- Programmers do not think in multi-user mode
- Programmers do not think like attackers
- Lots of legacy code
- Programmers are human
12 Common Exploits
Buffer Overflows
- Look for: gets(), scanf(), sprintf(), strcat(), strcpy()
- Stack-based overflow
- Heap-based overflow
[Diagram: buffer X (8 cells) next to Y (2 cells, holding "H I"); caption "Function X caused a buffer overflow"; afterwards the cells read "a b a d i n p u t 0", running from X into Y]
13 Common Exploits
- Backdoors: Method of bypassing the authentication mechanism of a system
- Race Conditions: A flaw in software such that one event critically depends on the outcome and sequence of other events
- Format Strings: Use of unfiltered user input as the format string parameter in certain functions that perform formatting. Look for: printf(), fprintf(), vprintf(), snprintf(), vsnprintf(), syslog()
14 Common Exploits
- Random Numbers: Either not random, or predictable. Look for: rand(), random()
- Shell Metacharacter: Look for: exec(), popen(), system()
- Malicious Inputs: Valid input intended to cause harm to a system
16 Better Coding Practices
- Defensive Programming
- Make no assumptions
- Set standards for coding
- Think about security early
- Reduce source code complexity
- Validate all inputs
17 Better Coding Practices
- Sanity check all inputs
- Use secure functions (e.g. strncpy, strncat)
- Think principle of least privilege
- Perform regular source code reviews
- Include security-related tests in your testing stage
19 Source Code Scanners: Motivation
- Most exploits are due to bad programming
- Manual reviews have limitations
  - Can overlook vulnerabilities
  - Are resource intensive
  - Are time consuming
20 Source Code Scanners: Lexical Static Analyzers
- Flawfinder
  - Developed by David Wheeler
  - Scans C and C++
- RATS (Rough Auditing Tool for Security)
  - Developed by Secure Software
  - Scans C, C++, Perl, PHP and Python
- ITS4 (It's the Software Stupid Source Scanner)
  - Developed by Cigital
  - Scans C and C++
21 Source Code Scanners: Compile-time Analyzers
- Sparse
  - Kernel code scanner
- Coverity
  - Developed by Coverity Inc.
  - Commercial code scanner
22 Source Code Scanners: Limitations
- Do not replace good manual code audits
- Only find flaws they are taught to find
- Scan limited selection of programming languages
- Produce lengthy outputs
- High rate of false positives
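Added example (not from the original slides, and not code from Flawfinder, RATS or ITS4): a minimal lexical scanner in Python that uses the "Look for" function lists from the Common Exploits slides as its rule set and runs over a constructed C snippet. It shows two of the limitations listed above: name matches inside comments and string literals are false positives, and an unchecked memcpy() is missed because no rule covers it. RULES, SAMPLE_C, scan() and lexical_false_positives() are names chosen for this illustration.

```python
import re

# Rule set: the "Look for" function lists from the Common Exploits slides.
RULES = {
    "buffer overflow": ["gets", "scanf", "sprintf", "strcat", "strcpy"],
    "format string": ["printf", "fprintf", "vprintf", "snprintf", "vsnprintf", "syslog"],
    "random numbers": ["rand", "random"],
    "shell metacharacter": ["exec", "popen", "system"],
}

# Constructed sample input (not taken from any real package).
SAMPLE_C = r"""#include <stdio.h>
#include <string.h>
/* TODO: stop using strcpy() here */
void greet(const char *name, size_t n) {
    char buf[16];
    char tmp[16];
    strcpy(buf, name);                 /* unbounded copy */
    memcpy(tmp, name, n);              /* unchecked length, but no rule covers memcpy */
    printf("hello %s\n", buf);         /* constant format string */
    printf(name);                      /* caller-controlled format string */
    puts("never call system() with user input");
}
"""

# Comments, string literals and character literals: text that is not code.
_NON_CODE = re.compile(
    r'/\*.*?\*/|//[^\n]*|"(?:\\.|[^"\\\n])*"' + r"|'(?:\\.|[^'\\\n])*'", re.S)


def strip_comments_and_strings(src):
    """Blank out comments and literals while keeping line numbers stable."""
    def blank(match):
        text = match.group(0)
        if text.startswith("/"):
            return "\n" * text.count("\n")
        return '""' if text[0] == '"' else "''"
    return _NON_CODE.sub(blank, src)


def scan(src, strip=False):
    """Return (line, category, function) for every rule name followed by '('.

    With strip=False this is a pure text match; with strip=True comments and
    literals are removed first, which drops one class of false positive."""
    text = strip_comments_and_strings(src) if strip else src
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for category, names in RULES.items():
            for name in names:
                # \b keeps "printf" from matching inside "sprintf" or "fprintf"
                if re.search(r"\b%s\s*\(" % re.escape(name), line):
                    hits.append((lineno, category, name))
    return hits


def lexical_false_positives(src):
    """Lines flagged only because a name appears in a comment or a string."""
    raw = {h[0] for h in scan(src)}
    clean = {h[0] for h in scan(src, strip=True)}
    return sorted(raw - clean)


if __name__ == "__main__":
    for lineno, category, name in scan(SAMPLE_C, strip=True):
        print("line %d: %s (%s)" % (lineno, name, category))
    print("comment/string-only hits on lines:", lexical_false_positives(SAMPLE_C))
```

Line 9 of the sample stays flagged even after stripping, because a name-based pass does not look at the arguments; deciding that the format string there is a constant needs at least argument-level parsing.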
24 IBM's Role: BogoSec
What is BogoSec?
- Source code security quality metric tool
- Parses and analyzes output of other scanners
- It is not a source code scanner itself
- Calculates a value based on number of vulnerabilities found per LOC (lines of code)
- Currently supports:
  - Flawfinder
  - RATS
  - ITS4
25 IBM's Role: BogoSec
Motivation
- Scanners produce lengthy outputs
- Quick measure of vulnerabilities per lines of code
- Easy way to compare packages
  - Different versions of a package as well
- Automation of code scanning
Current Status
- Available on Sourceforge
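Added example (not BogoSec's code, and not from the original slides): a Python sketch of the post-processing described above, which parses hit lines in the Flawfinder and RATS output styles shown in the demo slides, sums severity points and scanned lines across scanners, and normalises so two versions of a package can be compared. Assumptions: the point weights, the points-per-1000-lines formula, the Medium and Low labels and both sample reports are constructed for illustration; the slides do not give BogoSec's own formula.

```python
import re

# Hit-line shapes as they appear in the demo slides:
#   Flawfinder: "<file>:<line>: [<level>] (<category>) <function>: <text>"
#   RATS:       "<file>:<line>: High: <function>"
FLAWFINDER_HIT = re.compile(r"^\S+:\d+:\s*\[([0-5])\]\s*\(\w+\)\s*\w+:")
RATS_HIT = re.compile(r"^\S+:\d+:\s*(High|Medium|Low):")
LINE_COUNT = re.compile(
    r"^(?:Physical Source Lines of Code \(SLOC\) =|Total lines analyzed:)\s*(\d+)")

# Assumed weights: BogoSec's real point values are not given in the slides.
RATS_POINTS = {"High": 5, "Medium": 3, "Low": 1}


def parse_report(text):
    """Return (severity_points, lines_scanned) for one scanner's output."""
    points, lines = 0, None
    for raw in text.splitlines():
        line = raw.strip()
        m = FLAWFINDER_HIT.match(line)
        if m:
            points += int(m.group(1))   # assumption: risk level used as points
            continue
        m = RATS_HIT.match(line)
        if m:
            points += RATS_POINTS[m.group(1)]
            continue
        m = LINE_COUNT.match(line)
        if m:
            lines = int(m.group(1))
    if not lines:
        # Without a line count the hits cannot be normalised.
        raise ValueError("report has no usable line count")
    return points, lines


def package_score(reports):
    """Sum points and lines over all scanners, as the demo output does, then
    normalise. Points per 1000 lines is an assumed stand-in formula."""
    parsed = [parse_report(text) for text in reports.values()]
    total_points = sum(p for p, _ in parsed)
    total_lines = sum(n for _, n in parsed)
    return total_points, total_lines, 1000 * total_points / total_lines


# Constructed reports for two versions of one package (illustrative only).
OLD_VERSION = {
    "flawfinder": """
        eject.c:284:  [4] (race) access: path may change before the file is used
        eject.c:310:  [2] (buffer) char: fixed-size array
        eject.c:512:  [4] (format) fprintf: non-constant format string
        Hits = 3
        Physical Source Lines of Code (SLOC) = 400
    """,
    "rats": """
        eject.c:512: High: fprintf
        eject.c:310: Medium: strcat
        Total lines analyzed: 500
    """,
}
NEW_VERSION = {
    "flawfinder": """
        eject.c:284:  [4] (race) access: path may change before the file is used
        Hits = 1
        Physical Source Lines of Code (SLOC) = 400
    """,
    "rats": """
        eject.c:310: Medium: strcat
        Total lines analyzed: 475
    """,
}

if __name__ == "__main__":
    for label, reports in (("old", OLD_VERSION), ("new", NEW_VERSION)):
        points, lines, per_kloc = package_score(reports)
        print("%s: %d points over %d lines = %.1f per 1000 lines"
              % (label, points, lines, per_kloc))
```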
26 IBM's Role: Coverity Scans
Coverity
- Commercial source code scanner based on the Stanford Checker
- Detects problems at compile time
- Consists of a compilation wrapper and a web GUI to display results
28 IBM's Role: Coverity Scans
Results
- Scanned over 20 open source packages
- Submitted 78 patches to fix 148 bugs
- Submitted 49 fixes that are still awaiting acceptance
- Google and found by Coverity to see some of our contributions.
29 Conclusion
- Less vulnerable software starts with security-conscious developers
- Code security should be considered early during the software development life cycle
- Multiple tools are available to aid programmers in developing more secure code
33 Questions?
34 Legal Notice
This work represents the views of the author and does not necessarily reflect the views of IBM. This information could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these changes will be incorporated in new editions of the publication. IBM may make improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time without notice. Any references in this publication to non-IBM Web sites are provided for convenience only and do not in any manner serve as an endorsement of those Web sites. The materials at those Web sites are not part of the materials for this IBM product and use of those Web sites is at your own risk. Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products. All statements regarding IBM's future direction or intent are subject to change or withdrawal without notice, and represent goals and objectives only.
35 Legal Notice (Cont'd)
All information contained in this document is subject to change without notice. The products described in this document are NOT intended for use in applications such as implantation, life support, or other hazardous uses where malfunction could result in death, bodily injury, or catastrophic property damage. The information contained in this document does not affect or change IBM product specifications or warranties. Nothing in this document shall operate as an express or implied license or indemnity under the intellectual property rights of IBM or third parties. All information contained in this document was obtained in specific environments, and is presented as an illustration. The results obtained in other operating environments may vary. THE INFORMATION CONTAINED IN THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS. In no event will IBM be liable for damages arising directly or indirectly from any use of the information contained in this document.
36 Legal Notice - Trademarks
IBM is a registered trademark of International Business Machines Corporation. Linux is a registered trademark of Linus Torvalds. Microsoft, Windows, Windows NT and the Windows logo are trademarks of Microsoft Corporation in the United States, and/or other countries. Red Hat is a registered trademark of Red Hat, Inc. in the US and other countries. SUSE is a registered trademark of SUSE LINUX AG, a Novell business. Trusted Solaris is a trademark of Sun Microsystems, Inc. in the U.S. and other countries. Type Enforcement is a registered trademark of Secure Computing Corporation. UNIX is a registered trademark in the U.S. and other countries, exclusively licensed through X/Open Company, Ltd. Other company, product and service names may be trademarks or service marks of others.
37 Backup Slides: Demo Screen Shots
38 Flawfinder
Flawfinder version 1.26, (C) David A. Wheeler.
Number of dangerous functions in C/C++ ruleset: 158
Examining /tmp/bogosec.rpm.dhcgmd/build/eject /eject.c
/tmp/bogosec.rpm.dhcgmd/build/eject /eject.c:284: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition. Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
...
Hits = 59
Lines analyzed = 1037 in 0.86 seconds (2897 lines/second)
Physical Source Lines of Code (SLOC) = 779
Hits@level = [0] 0 [1] 11 [2] 30 [3] 3 [4] 14 [5] 1
Hits@level+ = [0+] 59 [1+] 59 [2+] 48 [3+] 18 [4+] 15 [5+] 1
Hits/KSLOC@level+ = [0+] [1+] [2+] [3+] [4+] [5+]
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
39 RATS
Entries in perl database: 33
Entries in python database: 62
Entries in c database: 334
Entries in php database: 55
Analyzing /tmp/bogosec.rpm.dhcgmd/build/eject /eject.c
/tmp/bogosec.rpm.dhcgmd/build/eject /eject.c:1024: High: fprintf
Check to be sure that the non-constant format string passed as argument 2 to this function call does not come from an untrusted source that could have added formatting characters that the code is not prepared to handle.
Total lines analyzed: 1038
Total time seconds lines per second
40 BogoSec
Running flawfinder...
Running its4...
Running rats...
flawfinder 282 points 779 lines
its4 754 points 1037 lines
rats 983 points 1037 lines
>>> Using scanners: (flawfinder its4 rats )
>>> 2019 total severity points
>>> 2853 total lines of code scanned
>>> final score =
41 BogoSec - Wrapper
START : Mon May 10 15:57:00 CST 2006
======================================
Package Sev Points Lines Of Code Final Score
4Suite src.rpm
acpid src.rpm
alsa-lib src.rpm
am-utils src.rpm
anacron src.rpm
DB2 Database Demonstration Program Version 9.7 Installation and Quick Reference Guide George Baklarz DB2 Worldwide Technical Sales Support IBM Toronto Laboratory DB2 Demonstration Program Version 9.7 Usage
More informationIBM TRIRIGA Anywhere Version 10 Release 4. Installing a development environment
IBM TRIRIGA Anywhere Version 10 Release 4 Installing a development environment Note Before using this information and the product it supports, read the information in Notices on page 9. This edition applies
More informationIBM Enterprise Marketing Management. Domain Name Options for Email
IBM Enterprise Marketing Management Domain Name Options for Email Note Before using this information and the product it supports, read the information in Notices on page 3. This document applies to all
More informationIBM Cognos Controller Version 10.2.1. New Features Guide
IBM Cognos Controller Version 10.2.1 New Features Guide Note Before using this information and the product it supports, read the information in Notices on page 3. Product Information This document applies
More informationA Test Suite for Basic CWE Effectiveness. Paul E. Black. paul.black@nist.gov. http://samate.nist.gov/
A Test Suite for Basic CWE Effectiveness Paul E. Black paul.black@nist.gov http://samate.nist.gov/ Static Analysis Tool Exposition (SATE V) News l We choose test cases by end of May l Tool output uploaded
More informationIntroduction to Computer Administration. System Administration
Introduction to Computer Administration System Administration System Administration System Administration Duties of System Administrator Types of Administrators/Users Operating Systems Supporting Administration
More informationIBM TRIRIGA Application Platform Version 3.3.2. Reporting: Creating Cross-Tab Reports in BIRT
IBM TRIRIGA Application Platform Version 3.3.2 Reporting: Creating Cross-Tab Reports in BIRT Cheng Yang Application Developer IBM TRIRIGA Copyright International Business Machines Corporation 2013. US
More informationHow To Manage A System Vulnerability Management Program
System Vulnerability Management Definitions White Paper October 12, 2005 2005 Altiris Inc. All rights reserved. ABOUT ALTIRIS Altiris, Inc. is a pioneer of IT lifecycle management software that allows
More informationCommon Criteria Evaluation Challenges for SELinux. Doc Shankar IBM Linux Technology Center dshankar@us.ibm.com
Common Criteria Evaluation Challenges for SELinux Doc Shankar IBM Linux Technology Center dshankar@us.ibm.com Agenda Common Criteria Roadmap/Achievements CAPP/LSPP Overview EAL4 Overview Open Sourcing
More informationIBM RDX USB 3.0 Disk Backup Solution IBM Redbooks Product Guide
IBM RDX USB 3.0 Disk Backup Solution IBM Redbooks Product Guide The new IBM Removable Disk EXchange (RDX) USB 3.0 removable disk backup solution is designed to address your increasing capacity and backup
More information90% of data breaches are caused by software vulnerabilities.
90% of data breaches are caused by software vulnerabilities. Get the skills you need to build secure software applications Secure Software Development (SSD) www.ce.ucf.edu/ssd Offered in partnership with
More informationIBM Systems and Technology Group Technical Conference
IBM TRAINING IBM STG Technical Conference IBM Systems and Technology Group Technical Conference Munich, Germany April 16 20, 2007 IBM TRAINING IBM STG Technical Conference E72 Storage options and Disaster
More informationClassification of Security Issues
Classification of Security Issues By Mark J Cox Abstract Red Hat has implemented a scheme from Red Hat Enterprise Linux 4 to publicly classify the impact of security issues found in our products and services..customers
More informationIntel I340 Ethernet Dual Port and Quad Port Server Adapters for System x Product Guide
Intel I340 Ethernet Dual Port and Quad Port Server Adapters for System x Product Guide Based on the new Intel 82580 Gigabit Ethernet Controller, the Intel Ethernet Dual Port and Quad Port Server Adapters
More informationCommunications Server for Linux
Communications Server for Linux SNA connectivity ^business on demand software Multiple types of connectivity exist within the Communications Server for Linux. CSLinux_snaconn.ppt Page 1 of 10 SNA connectivity
More informationIBM Protocol Analysis Module
IBM Protocol Analysis Module The protection engine inside the IBM Security Intrusion Prevention System technologies. Highlights Stops threats before they impact your network and the assets on your network
More informationContinuous access to Read on Standby databases using Virtual IP addresses
Continuous access to Read on Standby databases using Virtual IP addresses January 2011 Table of contents 1 Executive summary...1 1.1 HADR system configuration...1 1.2 System pre-requisites...1 2 Setup
More informationApplication Intrusion Detection
Application Intrusion Detection Drew Miller Black Hat Consulting Application Intrusion Detection Introduction Mitigating Exposures Monitoring Exposures Response Times Proactive Risk Analysis Summary Introduction
More informationRequirements for Upgrading from MetaLib 3.13 to MetaLib 4. Version 4
Requirements for Upgrading from MetaLib 3.13 to MetaLib 4 Version 4 CONFIDENTIAL INFORMATION DISCLAIMER The information herein is the property of Ex Libris Ltd. or its affiliates and any misuse or abuse
More informationEnterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006
Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,
More informationHomeland Security Red Teaming
Homeland Security Red Teaming Directs intergovernmental coordination Specifies Red Teaming Viewing systems from the perspective of a potential adversary Target hardening Looking for weakness in existing
More informationCA Automation Suite for Data Centers
PRODUCT SHEET CA Automation Suite for Data Centers agility made possible Technology has outpaced the ability to manage it manually in every large enterprise and many smaller ones. Failure to build and
More information