RE: Techniques for Vulneability discovery

From: David Hawley (chiman@hawaiian.net)
Date: 04/10/02 

From: "David Hawley" <chiman@hawaiian.net>
To: "kaipower" <kaipower@subdimension.com>, <security-basics@securityfocus.com>, <vuln-dev@security-focus.com>, <vuln-dev@securityfocus.com>
Date: Tue, 9 Apr 2002 22:46:50 -0700

Well Kai, they do all of the above.

Some companies hire an independant Audit team to audit software. Some read
bugtraq, incidents, and others wait until they get hacked. :-)

David Hawley

-----Original Message-----
From: kaipower [mailto:kaipower@subdimension.com]
Sent: Thursday, April 04, 2002 5:05 PM
To: security-basics@securityfocus.com; vuln-dev@security-focus.com;
vuln-dev@securityfocus.com
Subject: Techniques for Vulneability discovery

Hi,

After reading the mailing list for quite a while, there is a burning
question which I kept asking myself:

How do experts discover vulnerabilities in a system/software?

Some categories of vulnerabilities that I am aware of:
1) Buffer overflow (Stack or Heap)
2) Mal access control and Trust management
3) Cross site scripting
4) Unexpected input - e.g. SQL injection?
5) Race conditions
6) password authentication

Do people just run scripts to brute force to find vulnerabilities? (as in
the case of Buffer overflows)
Or do they do a reverse engineer of the software?

How relevant is reverse engineering in this context?

Anybody out there care to give a methodology/strategy in finding
vulnerabilities?

Mike

_________________________________________________________

Do You Yahoo!?

Get your free @yahoo.com address at http://mail.yahoo.com

Quantcast