Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: SDLC and Change Management - SANS Internet Storm Center SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
SDLC and Change Management

We received several reports today of a high profile software vendor's website that had a directory traversal bug in a specific script.  And while it is fun to find these still in existence in 2007, it's probably more likely that new code was introduced or existing code was modified without the security auditors looking at it.

So how good is your change management process when it comes to code that has been security reviewed?  In most cases, reviewing the changes is just as important as performing the code audit in the first place.

 Kyle

112 Posts
Sep 26th 2007
Thread locked Subscribe Sep 26th 2007
1 decade ago

Sign Up for Free or Log In to start participating in the conversation!