Security Basics mailing list archives
Re: Detecting vulnerabilities to write exploits
From: kmuskrat () gmail com
Date: 5 Jan 2006 04:43:41 -0000
One way of finding holes in software is obviously to analyze the source code. You can look for code in which input is unchecked (for example, the use of strcpy()). Sometimes this allows for buffer overflows which can result in the execution of code. Other times, it might be something simpler like allowing PHP to be submitted in forms, which can allow attackers to query a database or expose files. An article worth reading is Aleph One's article which appeared in Phrack 49, "Smashing the Stack for Fun and Profit." http://www.insecure.org/stf/smashstack.txt --------------------------------------------------------------------------- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations. http://www.msia.norwich.edu/secfocus ----------------------------------------------------------------------------
Current thread:
- Detecting vulnerabilities to write exploits neelima_2sha (Jan 03)
- Re: Detecting vulnerabilities to write exploits ahmad mubarak (Jan 04)
- Re: Detecting vulnerabilities to write exploits Joshua (Jan 04)
- Re: Detecting vulnerabilities to write exploits vinny (Jan 05)
- Re: Detecting vulnerabilities to write exploits Joshua (Jan 04)
- Re: Detecting vulnerabilities to write exploits Gunnar Wolf (Jan 05)
- <Possible follow-ups>
- Re: Detecting vulnerabilities to write exploits kmuskrat (Jan 06)
- Re: Detecting vulnerabilities to write exploits ahmad mubarak (Jan 04)