Re: Source code auditing

[Oliver Kindernay <oliver.kindernay () gmail com>]

Thank you, the book looks great.

2010/2/16 Think Defensive <bugtraq () thinkdefensive co uk>:
> Oliver,
> Here's a useful link;
> http://www.corelan.be:8800/index.php/category/security/exploit-writing-tutorials/
>
> As mentioned, read up on Metasploit too. Very good tool for exploiting.
>
> Regards,
>
> David Lester
> Security Consultant
> Think Defensive
>
> On 15 Feb 2010, at 16:53, Oliver Kindernay <oliver.kindernay () gmail com>
> wrote:
>
> > Hi, I am interested in exploiting applications. I have some practice
> > in writing exploits (buffer overflow, format string, ...) in linux. I
> > want to start exploiting real applications (open source). I don't know
> > how to start with finding bugs in application's source. I can use
> > perl, grep, etc... for finding some statical buffers, strcpys, etc.
> > but it's good just for some explorative research. Could you post some
> > sources where can I learn some about source code auditing?
> >
> > ------------------------------------------------------------------------
> > This list is sponsored by: Information Assurance Certification Review
> > Board
> >
> > Prove to peers and potential employers without a doubt that you can
> > actually do a proper penetration test. IACRB CPT and CEPT certs require a
> > full practical examination in order to become certified.
> >
> > http://www.iacertification.org
> > ------------------------------------------------------------------------

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------