Re: Detecting vulnerabilities to write exploits

[kmuskrat () gmail com]

One way of finding holes in software is obviously to analyze the source code.  You can look for code in which input is 
unchecked (for example, the use of strcpy()).  Sometimes this allows for buffer overflows which can result in the 
execution of code.

Other times, it might be something simpler like allowing PHP to be submitted in forms, which can allow attackers to 
query a database or expose files.

An article worth reading is Aleph One's article which appeared in Phrack 49, "Smashing the Stack for Fun and Profit."

http://www.insecure.org/stf/smashstack.txt

---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Tailor your education to your own professional goals with degree 
customizations including Emergency Management, Business Continuity Planning, 
Computer Emergency Response Teams, and Digital Investigations. 

http://www.msia.norwich.edu/secfocus
----------------------------------------------------------------------------