
SANS ISC: SDLC and Change Management SANS ISC InfoSec Forums

SDLC and Change Management

We received several reports today of a high-profile software vendor's website that had a directory traversal bug in a specific script. While it is fun to find these still in existence in 2007, the more likely explanation is that new code was introduced or existing code was modified without the security auditors looking at it.

So how good is your change management process when it comes to code that has been security reviewed?  In most cases, reviewing the changes is just as important as performing the code audit in the first place.

Kyle
