Attacking Attack Patterns
Andrei Alexandrescu
SeeWebsiteForEmail at erdani.org
Fri Feb 19 16:36:32 PST 2010
Robert Jacques wrote:
> On Fri, 19 Feb 2010 14:44:14 -0500, Manfred_Nowak <svv1999 at hotmail.com>
> wrote:
>
>> http://cwe.mitre.org/top25/
>> shows patterns of attacs.
>>
>> Does someone see a way to use D design patterns to stop attack patterns?
>>
>> -manfred
>
> I really don't like this list because its a list of unsecure coding
> patterns and not dangerous one. The only one of them has ever killed
> anyone (race conditions, #25), the rest just lead to identity theft. I'd
> also put "poorly written error messages", "integer overflows" and
> "corrupting datafiles" up there as things that have killed people.
>
> Anyways, in response to your question D's concurrency strategy should
> make it (relatively) difficult to cause races. And most of the attack
> patterns are at a higher level than raw code.
Oh hey... null pointer dereference is not on the list :o).
Andrei
More information about the Digitalmars-d
mailing list