
Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.


C code API to encapsulate OCI

If, like me, you code in C and use OCI instead of Pro*C then you will be interested in a library written by Vincent Rogier. Over the years I have looked at most of the C++ OCI libraries, and the C libraries that encapsulate OCI in some way, and even though I end up writing direct OCI code myself, I was always impressed by Vincent's OCILIB.

I normally code in C for anything "real" and use C++/MFC for user interfaces, as it's quick and easy, and also if you need to access a database (wait for it... it's easy to use MSDE, SQL Server Express etc.) as well as Oracle databases from MFC, to create sophisticated and quick (in terms of writing) Windows code.

I saw a post on Francois Degrelle's blog today that reminded me of the library and I thought it's worth a quick promote here. What's the security angle? Well, we are developing Oracle security tools internally, in C and OCI, for use in audits, code audits, forensics, encryption reviews and more. The tools I have used myself for many years are written in PL/SQL and are used to capture raw data as part of audits and other investigatory work. I have decided to convert the tools to C for speed, for security of IPR, and to make updates, which are frequent, easier. The focus of our security audits is always manual in terms of analysis; we still do large parts of the audit by hand and by interview, because a much clearer and deeper picture can be obtained that way, but tools are also important to capture and gather the large amounts of data (all the parameters and privileges set in the dictionary) that then need to be analysed manually. Anyway, here is a glimpse: it is in C, it is fully instrumented, generates logs, is driven by configurations that can be read from MSDE or text-based files, and makes SQL connections to the database and ssh connections to the server to gather data and run checks.

C:\oscan -c oscan.conf -v

OSCAN: Release 0.1.12 - Alpha on Mon Apr 07 11:18:26 2008

Copyright (c) 2003, 2008, PeteFinnigan.com Limited. All rights reserved.

[2008 Apr 07 10:18:26] Logger: Starting OSCAN...
[2008 Apr 07 10:18:26] Logger: Running Scanner
....
[2008 Apr 07 10:27:32] Logger: Closing Down OSCAN

Yes, I know the timing shows GMT and the system date/time is BST; it still needs to be fixed!
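As an added illustration of that timestamp point (example code written for this page, not OSCAN's own logger): a logger that stamps with gmtime() writes UTC regardless of the system zone, which is why the log lines above read 10:18 while the banner says 11:18 BST; an audit log that may later be used as evidence should stamp in one declared zone. The epoch value is constructed from the first log line above, and the POSIX TZ rule for GMT/BST is an assumption chosen so the example runs without tzdata files.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

static const char *MONTHS[] = {"Jan", "Feb", "Mar", "Apr", "May", "Jun",
                               "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"};

/* Write a line in the style of the OSCAN output above:
 *   "[2008 Apr 07 10:18:26] Logger: Starting OSCAN..."
 * use_utc = 1 reproduces the post's behaviour (gmtime, always UTC);
 * use_utc = 0 stamps in the process's local zone (localtime). */
int format_log_line(char *out, size_t n, time_t when, int use_utc, const char *msg)
{
    struct tm t;
    if (use_utc) gmtime_r(&when, &t); else localtime_r(&when, &t);
    return snprintf(out, n, "[%04d %s %02d %02d:%02d:%02d] Logger: %s",
                    t.tm_year + 1900, MONTHS[t.tm_mon], t.tm_mday,
                    t.tm_hour, t.tm_min, t.tm_sec, msg);
}

/* Select the zone for this process. A POSIX rule string such as
 * "GMT0BST,M3.5.0/1,M10.5.0" (GMT, with BST from the last Sunday of March
 * to the last Sunday of October) is parsed by libc itself, so it needs no
 * zoneinfo files. Assumed here for portability of the example. */
void use_zone(const char *posix_tz)
{
    setenv("TZ", posix_tz, 1);
    tzset();
}

/* Convenience check: does the formatted line equal the expected text? */
int stamp_matches(time_t when, int use_utc, const char *msg, const char *expected)
{
    char line[128];
    format_log_line(line, sizeof line, when, use_utc, msg);
    return strcmp(line, expected) == 0;
}

int main(void)
{
    /* Constructed instant: 2008-04-07 10:18:26 UTC, the first log line above. */
    const time_t when = (time_t)1207563506;
    char line[128];
    use_zone("GMT0BST,M3.5.0/1,M10.5.0");
    format_log_line(line, sizeof line, when, 1, "Starting OSCAN...");
    puts(line);   /* UTC stamp, as in the post: 10:18:26 */
    format_log_line(line, sizeof line, when, 0, "Starting OSCAN...");
    puts(line);   /* local (BST) stamp, one hour later: 11:18:26 */
    return 0;
}
```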