Security Basics mailing list archives

Re: locating exploits in open source

From: haZard0us <hazard0us.pt () gmail com>
Date: Tue, 22 May 2012 16:40:39 +0100

Fuzzing is a way to find it.


On 22/05/2012, at 16:20, Littlefield, Tyler wrote:

Hello all:
Before I dive into reverse engineering, I'd like to start off smaller.
I understand bits and pieces of some exploits, so I'd like to start work on my own to help contribute somehow. Given
source code to a project, how do people usually proceed with finding exploits? I've played with some, and have some
understanding of how they work, but the actual figuring out how to make them is beyond me; tips and etc would be
welcome.

Here's kind of what I am thinking to get going. There are static analysis tools like splint and clang has one as
well, that I could run over the code and look for "unsafe" functions that I could possibly exploit where they are
used. Using this I will need a deeper understanding of buffer overflows, but I think it can be done. Are there other
entrypoints to this as well?

Thanks,
Ty

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works,
how it benefits your company and how your customers can tell if a site is secure. You will find out how to test,
purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for
set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital
certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------



------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------

Current thread:

locating exploits in open source Littlefield, Tyler (May 22)
- Re: locating exploits in open source haZard0us (May 22)
- RE: locating exploits in open source Mike Vella (May 22)
- Message not available
  - Re: locating exploits in open source Littlefield, Tyler (May 22)
    - Re: locating exploits in open source AK (May 22)
    - Re: locating exploits in open source Bob Bobson (May 22)
    - Re: locating exploits in open source Robert Musser (May 22)
    - RE: locating exploits in open source Vincent Verloop (May 22)
- RE: locating exploits in open source Demetris Papapetrou (May 24)