Penetration Testing mailing list archives

Re: Ethical Hacking Training


From: Steve Kemp <steve () steve org uk>
Date: Mon, 19 Jan 2004 17:09:29 +0000

On Sun, Jan 18, 2004 at 10:28:02PM -0600, Jimi Thompson wrote:

> Precisely how do you think that the aforementioned "security exploits"
> are discovered?

  I have learned an awful lot by studying the source code to lots
 of applications, as part of a randomly directed auditing project.

  One thing that I have learned for example is that many people are
 getting the hang of preventing buffer overflows, but that
 mistakes are still being made in other areas.

  It's also interesting to see how often the automated scanners 
 do not detect something that is readily apparent to the human
 observer.

  (My work is here:  http://www.steve.org.uk/Debian).

> My experience has been that unless you know how to hack and how to look
> at your network from the outside like one of the bad guys, that you
> aren't going to have much of an idea of what is vulnerable, what is
> poorly coded, and what does not work efficiently and securely.

  Exactly.  That goes for applications, networks, and most general
 setups.

Steve
---
Edinburgh System Administrator : Linux, UNIX, Windows
Looking for an interesting job : http://www.steve.org.uk/
