Re: Source code auditing

[danuxx () gmail com]

I think she was not talking about the power of metasploit (which no doubt is poweful and magic!!) but the easy-to-use 
interface to exploit vulnerable systems.
So that script kiddies do not need to know what EIP or Pop+Pop+Ret means in order to compromise a system.

My 2 rupees :-)
------Original Message------
From: Oliver Kindernay
Sender: listbounce () securityfocus com
To: pen-test () securityfocus com
Subject: Source code auditing
Sent: Feb 15, 2010 10:53 AM

Hi, I am interested in exploiting applications. I have some practice
in writing exploits (buffer overflow, format string, ...) in linux. I
want to start exploiting real applications (open source). I don't know
how to start with finding bugs in application's source. I can use
perl, grep, etc... for finding some statical buffers, strcpys, etc.
but it's good just for some explorative research. Could you post some
sources where can I learn some about source code auditing?

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------



Sent via BlackBerry from T-Mobile