Security Basics mailing list archives

Re: how to discover vulnerability?

From: "Andy Cuff [talisker]" <offthecuff () lineone net>
Date: Thu, 17 Apr 2003 20:58:13 +0100

Hi nguyen
There are a few tools out there to help you, but it's a matter of keep
plugging away.  Look at existing vulnerabilities and figure out the methods
used by others and adapt them.  I'm no expert at this and it amazes me how
some of the vulnerabilities are found, but mostly it comes down to crap
code.  I've been working on a new page for my site for instructor lead
training courses that cover  some of the advanced issues around
vulnerabilities covering:
Writing secure code
Finding Vulnerabilities
Writing Exploits

It's still so much in it's infancy it's not even on the nav bar yet, but as
you asked, you can find
it at http://www.networkintrusion.co.uk/Csoftadvan.htm

Taliskers Network Security Tools
http://www.networkintrusion.co.uk
----- Original Message -----
From: "Quynh Nguyen Anh" <quynh () sfc keio ac jp>
To: <security-basics () securityfocus com>
Sent: Thursday, April 17, 2003 2:39 AM
Subject: how to discover vulnerability?

hello,

i have a question: almost every day, there are many security holes are
discovered. i wonder how they can find these holes?

1. for open source softwares, they must read every source line ?
2. for closed source softwares, they must reverse engineering binary code


anway, i dont know exactly how they can discover holes!

your ideas on this matter?

many thanks.
nguyen


--------------------------------------------------------------------------

Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the
world's premier event for IT and network security experts.  The two-day
Training features 6 hand-on courses on May 12-13 taught by professionals.
The two-day Briefings on May 14-15 features 24 top speakers with no vendor
sales pitches.  Deadline for the best rates is April 25.  Register today

to

ensure your place.  http://www.securityfocus.com/BlackHat-security-basics
--------------------------------------------------------------------------

--



---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the 
world's premier event for IT and network security experts.  The two-day 
Training features 6 hand-on courses on May 12-13 taught by professionals.  
The two-day Briefings on May 14-15 features 24 top speakers with no vendor 
sales pitches.  Deadline for the best rates is April 25.  Register today to 
ensure your place.  http://www.securityfocus.com/BlackHat-security-basics 
----------------------------------------------------------------------------

Current thread:

how to discover vulnerability? Quynh Nguyen Anh (Apr 17)
- RE: how to discover vulnerability? David Gillett (Apr 17)
- Re: how to discover vulnerability? Andy Cuff [talisker] (Apr 17)
  - Re: how to discover vulnerability? K. K. Mookhey (Apr 21)
- <Possible follow-ups>
- Re: how to discover vulnerability? Ali Saifullah Khan (Apr 21)
  - Re: how to discover vulnerability? dwarkeeper (Apr 25)