Vulnerability Development mailing list archives
Re: Techniques for Vulneability discovery
From: Josha Bronson <dmuz () slartibartfast angrypacket com>
Date: Fri, 5 Apr 2002 09:54:31 -0800
On Fri, Apr 05, 2002 at 09:04:33AM +0800, kaipower said:
> Hi,
Hey! I'm no "expert" but I'll try to add a little...
> How do experts discover vulnerabilities in a system/software?

This of course depends on what it is that you are auditing. Meaning: is the software open source, a binary, a local app or a network daemon? There are different approaches to all of them. Each audit of a given piece of software has to take into account what the software is designed to do and the valid channels of input into the program. This is the starting place for any audit.
> Do people just run scripts to brute force to find vulnerabilities? (as in the case of Buffer overflows)
Absolutely. Local binaries can be tested using any number of "fuzz" testers. Google can tell you all about these fuzz testers.
> Anybody out there care to give a methodology/strategy in finding vulnerabilities?

I'll just list a few that I am familiar with.

1.) source code audit - obviously only applicable when source is available. Visual inspection of the source code looking for places where one might be able to take control of or crash the application.

2.) previously discovered techniques - look at problems that have occurred in similar applications. It's very likely that these same problems may occur in other applications as well.

3.) perl -e 'print "A"x1000' | foo :)

I'm sure there are many more people on the list who can fill in much more.

--
Josha Bronson
dmuz () angrypacket com
AngryPacket Security
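The one-liner in item 3 generalized into a small harness, as an added example that is not part of the original post: it feeds a program inputs of doubling length on stdin and reports the first length at which the process is killed by a signal (or hangs), which is the crash-triage step a maintainer runs against their own build before looking at the code. The target used here is a constructed stand-in (a Python stub that raises SIGSEGV on inputs over 512 bytes), not a real program; `find_crash_length` and `run_once` are names chosen for this example.

```python
import signal
import subprocess
import sys


def run_once(target_cmd, payload, timeout=5):
    """Run target_cmd once with payload on stdin.

    Returns the exit status, or the string "TIMEOUT" if the target hung.
    """
    try:
        proc = subprocess.run(target_cmd, input=payload,
                              capture_output=True, timeout=timeout)
    except subprocess.TimeoutExpired:
        return "TIMEOUT"
    return proc.returncode


def find_crash_length(target_cmd, start=16, limit=1 << 16, timeout=5):
    """Double the stdin length until the target dies from a signal or hangs.

    Returns (length, reason) for the smallest tried length that killed the
    target, where reason is the signal name or "TIMEOUT"; returns None if
    the target survived every length up to `limit`.
    """
    length = start
    while length <= limit:
        rc = run_once(target_cmd, b"A" * length, timeout)
        if rc == "TIMEOUT":
            return length, "TIMEOUT"
        if rc < 0:  # negative status: killed by a signal (e.g. SIGSEGV)
            return length, signal.Signals(-rc).name
        length *= 2
    return None


# Constructed stand-in for a buggy binary: it kills itself with SIGSEGV once
# stdin exceeds 512 bytes, mimicking an unchecked fixed-size buffer copy.
FAKE_TARGET = [sys.executable, "-c",
               "import os, signal, sys; d = sys.stdin.buffer.read(); "
               "len(d) > 512 and os.kill(os.getpid(), signal.SIGSEGV)"]

# Constructed well-behaved target: drains stdin and exits cleanly.
SAFE_TARGET = [sys.executable, "-c", "import sys; sys.stdin.buffer.read()"]

if __name__ == "__main__":
    print(find_crash_length(FAKE_TARGET))  # (1024, 'SIGSEGV')
    print(find_crash_length(SAFE_TARGET, limit=256))  # None
```

A negative exit status from `subprocess.run` means the child was killed by that signal, so this only flags genuine faults, not ordinary error exits; build the target with AddressSanitizer to turn a silent overflow into a reported one.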
Current thread:
- Techniques for Vulneability discovery kaipower (Apr 04)
- RE: Techniques for Vulnerability discovery Oliver Petruzel (Apr 05)
- Re[2]: Techniques for Vulnerability discovery dullien (Apr 06)
- Re[2]: Techniques for Vulnerability discovery dullien (Apr 06)
- RE: Techniques for Vulnerability discovery Leon (Apr 08)
- Re: Techniques for Vulneability discovery Florian Hobelsberger / BlueScreen (Apr 05)
- Re: Techniques for Vulneability discovery Josha Bronson (Apr 05)
- Re: Techniques for Vulneability discovery LS (Apr 05)
- RE: Techniques for Vulneability discovery Pedro Hugo (Apr 05)
- Re: RE: Techniques for Vulneability discovery LS (Apr 08)
- RE: Techniques for Vulneability discovery Pedro Hugo (Apr 05)
- RE: Techniques for Vulneability discovery Marc Maiffret (Apr 05)
- Re: Techniques for Vulneability discovery NoCoNFLiC (Apr 05)
- Re: Techniques for Vulneability discovery 3APA3A (Apr 06)
- Re: Techniques for Vulneability discovery Rafael Anschau (Apr 09)
- Re: Techniques for Vulneability discovery GomoR (Apr 09)
- RE: Techniques for Vulneability discovery David Hawley (Apr 10)
- <Possible follow-ups>
- RE: Techniques for Vulneability discovery Ed Moyle (Apr 05)