August, 2007


About David LeBlanc's Web Log

This blog is about whatever security topics come to mind, and may occasionally wander off into other areas, like arcane C++ tricks. I'll primarily cover techniques to achieve more secure code, how to use some of the more interesting facets of the Windows operating system, and sometimes my thoughts about the general state of Internet security.

  • David LeBlanc's Web Log

    DREAD and the PHB

    Sometimes when I present about secure programming practices, I emphasize education for PMs, testers, and devs, for obvious reasons. Then there's the hard part – educating management. You really have to be able to do that – you need to spend time on security...
  • David LeBlanc's Web Log


    Both the STRIDE and DREAD systems Michael and I documented in Writing Secure Code have been criticized quite a bit. Neither of them was developed with any real academic rigor, and from a scientific standpoint, neither of them tends to hold up very well...
  • David LeBlanc's Web Log

    More on C++ code auditing

    Just now had a chance to take a look at the presentation I referenced last post. It's fairly long and detailed, but worth a thorough reading. You can grab it here: Someone commented on my last post that this stuff should be obvious...
  • David LeBlanc's Web Log

    Avoiding C++ vulnerabilities

    Just returned from Black Hat – it always seems that the presentations I most want to see happen at the same time as I'm scheduled to talk. Neel Mehta, John McDonald and Mark Dowd were talking about finding exploitable C++ specific flaws, and I was only...