Security Basics mailing list archives
Re: how to discover vulnerability?
From: "K. K. Mookhey" <cto () nii co in>
Date: Fri, 18 Apr 2003 20:22:45 +0530
Here's one way: 1. Snapshot system before software installation - open files, open network connections, registry, etc. 2. Install software - monitoring file and registry access during installation 3. Snapshot system after installation. See 1 above. 4. Determine all avenues of input to the system - network, user input screens, configuration files, command line, etc. 5. Throw everything and the kitchen sink at it. 6. If process behaves abnormally - crashes, CPU usage goes high, gives you /etc/password ;), you got yourself a vulnerability. If not, go to 4 again. Our advisories page is at http://www.nii.co.in/research.html K. K. Mookhey CTO, Network Intelligence India Pvt. Ltd. Web: www.nii.co.in ================================= Security Auditing Software http://www.nii.co.in/Products.html =================================
hello, i have a question: almost every day, there are many security holes are discovered. i wonder how they can find these holes? 1. for open source softwares, they must read every source line ? 2. for closed source softwares, they must reverse engineering binary code?anway, i dont know exactly how they can discover holes!
--------------------------------------------------------------------------- Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the world's premier event for IT and network security experts. The two-day Training features 6 hand-on courses on May 12-13 taught by professionals. The two-day Briefings on May 14-15 features 24 top speakers with no vendor sales pitches. Deadline for the best rates is April 25. Register today to ensure your place. http://www.securityfocus.com/BlackHat-security-basics ----------------------------------------------------------------------------
Current thread:
- how to discover vulnerability? Quynh Nguyen Anh (Apr 17)
- RE: how to discover vulnerability? David Gillett (Apr 17)
- Re: how to discover vulnerability? Andy Cuff [talisker] (Apr 17)
- Re: how to discover vulnerability? K. K. Mookhey (Apr 21)
- <Possible follow-ups>
- Re: how to discover vulnerability? Ali Saifullah Khan (Apr 21)
- Re: how to discover vulnerability? dwarkeeper (Apr 25)