Techniques for Vulnerability discovery

From: kaipower (kaipower@subdimension.com)
Date: 04/05/02


From: "kaipower" <kaipower@subdimension.com>
To: <security-basics@securityfocus.com>, <vuln-dev@security-focus.com>, <vuln-dev@securityfocus.com>
Date: Fri, 5 Apr 2002 09:04:33 +0800

Hi,

After reading the mailing list for quite a while, there is a burning
question which I kept asking myself:

How do experts discover vulnerabilities in a system/software?

Some categories of vulnerabilities that I am aware of:
1) Buffer overflow (Stack or Heap)
2) Mal access control and Trust management
3) Cross site scripting
4) Unexpected input - e.g. SQL injection?
5) Race conditions
6) Password authentication

Do people just run scripts to brute force to find vulnerabilities? (as in
the case of Buffer overflows)
Or do they reverse engineer the software?

How relevant is reverse engineering in this context?

Anybody out there care to give a methodology/strategy in finding
vulnerabilities?

Mike

