We like to use an analogy to understand the importance of architectural and implementation analysis. Auditing implementations by inspecting code is much like checking for high-quality locks on your windows and doors. A useful activity to be sure, but only when the building in question has four walls and roof. When you’re missing a wall, it doesn’t do much good to make sure the front door locks properly. Who cares about specific details when the entire architecture is fundamentally unsound?
John Viega and Gary Mc Graw. Chapter 6, Auditing Software, Building Secure Software.
There’s a little bit progress today. I can execute the source code with run-jetty-run. But it still won’t show up on the web browser.
2008-10-15 18:23:50.876::INFO: Logging to STDERR via org.mortbay.log.StdErrLog
2008-10-15 18:23:50.313::INFO: jetty-6.1.6
2008-10-15 18:23:54.905:/lpse:INFO: Loading Spring root WebApplicationContext
INFO com.iaodt.framework.config.Config [main] - Loading properties file from class path resource [application.properties]
INFO com.iaodt.framework.config.Config [main] - Config initialized by Spring
…
…
…
2008-10-15 18:24:01.385::INFO: Started SelectChannelConnector@0.0.0.0:8080
In the end, security must be understood in terms of a simple question: Secure against what and from whom? Understanding security is best understood by thinking about goals. What is we are trying to protect? From whom are we protecting it? How can we get what we want?
Page 18, Chapter 1 Introduction to Software Security, Building Secure Code.
I have my Iceweasel crash when open AJAX page. Here’s the log from the terminal.
za@zara:~$ iceweasel
** Message: GetValue variable 1 (1)
** Message: GetValue variable 2 (2)
** Message: GetValue variable 1 (1)
** Message: GetValue variable 2 (2)
** Message: GetValue variable 1 (1)
** Message: GetValue variable 2 (2)
** Message: GetValue variable 1 (1)
** Message: GetValue variable 2 (2)
** Message: GetValue variable 1 (1)
** Message: GetValue variable 2 (2)
open dsp: Device or resource busy
New block
The program 'firefox-bin' received an X Window System error.
This probably reflects a bug in the program.
The error was 'BadImplementation (server does not implement operation)'.
(Details: serial 30 error_code 17 request_code 145 minor_code 5)
(Note to programmers: normally, X errors are reported asynchronously;
that is, you will receive the error a while after causing it.
To debug your program, run it with the --sync command line
option to change this behavior. You can then get a meaningful
backtrace from your debugger if you break on the gdk_x_error() function.)
Write tutorial with print screen? It’s really helpful especially when we easily forgot.
