Re: how to discover vulnerability?

["Ali Saifullah Khan" <ali_saifullah () hotmail com>]

Well, there has been debate for some time now over this issue.
most ways of writing stack/heap/buffer overflows deal with searching for 
places in the code where there are either in-efficient or non-existent 
boundary checking conditions.

using snprintf() instead of printf() is an example subject which has 
undergone considerable debate for a long time. But there are several other 
theologies you may consider when attempting to exploit a loophole in an 
application. it can be the way it takes input, not necessarily how it takes 
input. if one can structure ways to force input to the application while not 
necessarily attempting buffer overflows, but just by the way the programmer 
has designed the application to deal with input data, you have every chance 
of exploiting a new loophole, the programmer may have never even thought 
about, or written code to avoid.

Regards,
Ali Saifullah Khan

> ----- Original Message -----
> From: "Quynh Nguyen Anh" <quynh () sfc keio ac jp>
> To: <security-basics () securityfocus com>
> Sent: Thursday, April 17, 2003 2:39 AM
> Subject: how to discover vulnerability?
>
>
> > hello,
> >
> > i have a question: almost every day, there are many security holes are
> > discovered. i wonder how they can find these holes?
> >
> > 1. for open source softwares, they must read every source line ?
> > 2. for closed source softwares, they must reverse engineering binary 
> code
> ?
> >
> > anway, i dont know exactly how they can discover holes!
> >
> > your ideas on this matter?
> >
> > many thanks.
> > nguyen
> >
> >
> > 
> --------------------------------------------------------------------------
> -
> > Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, 
> the
> > world's premier event for IT and network security experts.  The two-day
> > Training features 6 hand-on courses on May 12-13 taught by 
> professionals.
> > The two-day Briefings on May 14-15 features 24 top speakers with no 
> vendor
> > sales pitches.  Deadline for the best rates is April 25.  Register today
> to
> > ensure your place.  
> http://www.securityfocus.com/BlackHat-security-basics
> > 
> --------------------------------------------------------------------------
> --
> >
>
>
> ---------------------------------------------------------------------------
> Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the
> world's premier event for IT and network security experts.  The two-day
> Training features 6 hand-on courses on May 12-13 taught by professionals.
> The two-day Briefings on May 14-15 features 24 top speakers with no vendor
> sales pitches.  Deadline for the best rates is April 25.  Register today to
> ensure your place.  http://www.securityfocus.com/BlackHat-security-basics
> ----------------------------------------------------------------------------


_________________________________________________________________
MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*. 
http://join.msn.com/?page=features/virus


---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the 
world's premier event for IT and network security experts.  The two-day 
Training features 6 hand-on courses on May 12-13 taught by professionals.  
The two-day Briefings on May 14-15 features 24 top speakers with no vendor 
sales pitches.  Deadline for the best rates is April 25.  Register today to 
ensure your place.  http://www.securityfocus.com/BlackHat-security-basics 
----------------------------------------------------------------------------