Re: Techniques for Vulneability discovery
From: GomoR (GomoR@gomor.org)Date: 04/09/02
- Previous message: Rafael Anschau: "Re: Techniques for Vulneability discovery"
- In reply to: kaipower: "Techniques for Vulneability discovery"
- Next in thread: David Hawley: "RE: Techniques for Vulneability discovery"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 9 Apr 2002 16:03:28 +0200 From: GomoR <GomoR@gomor.org> To: security-basics@securityfocus.com
On Fri, 5 Apr 2002 09:04:33 +0800
"kaipower" <kaipower@subdimension.com> wrote:
> Hi,
>
> After reading the mailing list for quite a while, there is a burning
> question which I kept asking myself:
>
> How do experts discover vulnerabilities in a system/software?
>
> Some categories of vulnerabilities that I am aware of:
> 1) Buffer overflow (Stack or Heap)
> 2) Mal access control and Trust management
> 3) Cross site scripting
> 4) Unexpected input - e.g. SQL injection?
> 5) Race conditions
> 6) password authentication
>
> Do people just run scripts to brute force to find vulnerabilities? (as in
> the case of Buffer overflows)
> Or do they do a reverse engineer of the software?
>
> How relevant is reverse engineering in this context?
>
> Anybody out there care to give a methodology/strategy in finding
> vulnerabilities?
>
> Mike
>
There is just a new article published that covers this point.
I've read it, and I think it could help you a little.
http://www.computer.org/computer/sp/articles/arc/index.htm
______________________________________________________________________
__ __
/ || \ FreeBSD Network - http://www.GomoR.org/
| __ |___/ Security Engineer Junior
| || \
\__|| \ >root is the only God I believe in<
- Previous message: Rafael Anschau: "Re: Techniques for Vulneability discovery"
- In reply to: kaipower: "Techniques for Vulneability discovery"
- Next in thread: David Hawley: "RE: Techniques for Vulneability discovery"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
