Re: [Full-disclosure] New member asking question...
- From: Michael Holstein <michael.holstein@xxxxxxxxxxx>
- Date: Fri, 30 Jun 2006 15:56:04 -0400
I have been reading the posts over the past few weeks, and am wondering
how the heck you guy discover these vulnerabilities. Granted, I am
still very new to the IS world, but I cannot begin to understand how you
discover weaknesses. After reading these posts, the explanation always
makes since, but are you guys actively seeking weaknesses, or just
happen to come across them?
Learn how things are *supposed* to work (for example, write your own webserver in C), then intentionally throw broken requests at it. Eventually you'll find a result you *didn't* expect, and that's what you should investigate. Knowing *what* is broken is never as important as *why*.
As mentioned by another, learning to dream in C, and understanding asm go a *long* way.
Oh .. and one more note .. practice on your own stuff. It's easy to get arrested in the process of learning if you're not careful. When you get good at it, play nice and adhere to the rules of "responsible disclosure" (search the archives for lengthy threads on this seperate issue)
/mike.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- References:
- RE: [Full-disclosure] New member asking question...
- From: Reynolds, Joseph R
- RE: [Full-disclosure] New member asking question...
- Prev by Date: Re: [Full-disclosure] New member asking question...
- Next by Date: Re: [Full-disclosure] Advisory from AMIT concern BANTOWNE
- Previous by thread: Re: [Full-disclosure] New member asking question...
- Index(es):
Relevant Pages
|
|
