Penetration Testing mailing list archives
Re: Ethical Hacking Training
From: Steve Kemp <steve () steve org uk>
Date: Mon, 19 Jan 2004 17:09:29 +0000
On Sun, Jan 18, 2004 at 10:28:02PM -0600, Jimi Thompson wrote:
> Precisely how do you think that the aforementioned "security exploits" are discovered?
I have learned an awful lot by studying the source code to lots of applications, as part of a randomly directed auditing project. One thing that I have learned, for example, is that many people are getting the hang of preventing buffer overflows, but that mistakes are still being made in other areas. It's also interesting to see how often the automated scanners do not detect something that is readily apparent to the human observer. (My work is here: http://www.steve.org.uk/Debian).
> My experience has been that unless you know how to hack and how to look at your network from the outside like one of the bad guys, you aren't going to have much of an idea of what is vulnerable, what is poorly coded, and what does not work efficiently and securely.
Exactly. That goes for applications, networks, and most general setups.
Steve
---
Edinburgh System Administrator : Linux, UNIX, Windows
Looking for an interesting job : http://www.steve.org.uk/