Security Basics mailing list archives
RE: Carrying out an application security assessment for a Visual Basic application
From: Tony UcedaVélez <tonyuv () versprite com>
Date: Wed, 28 Mar 2007 14:42:43 -0400
It really depends on the nature of the application and what it is intended to do. Devoid of that information, my general recommendations are to see how it is handling the following:

- authentication
- encryption
- storing/caching of data across objects
- input validation
- error handling
- process management (all under one process? sub-processes?)
- code management (versioning, check-in/check-out procedures)
- coding environment assessment (for testing/development/migration from)
- adding VB libraries (if and when necessary versus adding a whole list of libraries for no added functionality)
- data integrity validation functions

Again, these are just simple starting points for performing a general app assessment devoid of any tools and checking things manually. Sharing with the group what the app does may reveal more targeted recommendations.

Best wishes,

Tony UcedaVélez, CISM, CISA, GIAC
President
VerSprite, LLC
(office) 678.938.3434
(email) tonyuv () versprite com
(web) www.versprite.com

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Pranav Lal
Sent: Monday, March 26, 2007 6:47 AM
To: security-basics () securityfocus com
Subject: Carrying out an application security assessment for a Visual Basic application

Hi all,

I need to do a security assessment of an application that is written in Visual Basic. I am not too sure of the version. It is probably version 6. The back end is Oracle. What do I look at? I will be able to get access to the source code. I used to code in VB quite some time back so I should be able to understand what is happening. However, from the application security point of view, I need to know what to check.

Anyone any pointers?

Pranav