Software auditing
@Stake LC5
LC4 is a password auditing and recovery application. It helps administrators secure Windows-authenticated networks through comprehensive auditing of Windows NT and Windows 2000 user account passwords. LC4 recovers Windows user account passwords to streamline migration of users to another authentication system or to access accounts whose passwords are lost.
@STAKE security tools list
Another list of security-related tools, maintained by the former L0pht, now @stake. It covers some well-known *nix and Windows tools, as well as some interesting tools for PalmOS.
Dmalloc - Debug Malloc Library
The debug memory allocation or dmalloc library has been designed as a drop-in replacement for the system's malloc, realloc, calloc, free and other memory management routines while providing powerful debugging facilities configurable at runtime. These facilities include such things as memory-leak tracking, fence-post write detection, file/line number reporting, and general logging of statistics.
How to find security holes
A paper about code review. The body text was last changed back in 1999, but most of the things mentioned in the text are still valid.
Linux Security Audit Project FAQ
The Linux Security Audit Project (LSAP) was created to help coordinate and discuss the security and auditing of the free software available. The FAQ is a collection of common questions posted to the security-audit mailing list once a month.
Microsoft .NET Framework Security Overview
This document provides an overview of the Microsoft .NET Framework security architecture, including evidence-based security, role-based security, the concepts of authentication and authorization, as well as isolated storage, cryptography, and extensibility. It also outlines the key benefits to developers, administrators, and end-users of the .NET Framework security policy. This document assumes the reader is generally familiar with the .NET Framework common language runtime and the concept of managed code.
Security Code Review Guidelines
A somewhat outdated paper about how to review source code for security holes. The document has a dual purpose: first, it is a guideline and checklist for security groups performing the code review; second, it is an attempt to provide development teams with information about what the author looks for in a review.
Sun Software Security Audit page
Resources from Sun for security auditing: some basic texts about the audit subsystem in Trusted Solaris, some tools, and some documentation.






