Penetration Testing mailing list archives
Re: Source code auditing
From: Oliver Kindernay <oliver.kindernay () gmail com>
Date: Tue, 16 Feb 2010 22:56:47 +0100
Thank you, the book looks great. 2010/2/16 Think Defensive <bugtraq () thinkdefensive co uk>:
Oliver, Here's a useful link; http://www.corelan.be:8800/index.php/category/security/exploit-writing-tutorials/ As mentioned, read up on Metasploit too. Very good tool for exploiting. Regards, David Lester Security Consultant Think Defensive On 15 Feb 2010, at 16:53, Oliver Kindernay <oliver.kindernay () gmail com> wrote:Hi, I am interested in exploiting applications. I have some practice in writing exploits (buffer overflow, format string, ...) in linux. I want to start exploiting real applications (open source). I don't know how to start with finding bugs in application's source. I can use perl, grep, etc... for finding some statical buffers, strcpys, etc. but it's good just for some explorative research. Could you post some sources where can I learn some about source code auditing? ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Source code auditing Oliver Kindernay (Feb 15)
- Re: Source code auditing Think Defensive (Feb 17)
- Re: Source code auditing Oliver Kindernay (Feb 17)
- Re: Source code auditing Anders Thulin (Feb 17)
- Re: Source code auditing Think Defensive (Feb 17)
- Re: Source code auditing jcran (Feb 17)
- Re: Source code auditing Himanshu Goyal (Feb 22)
- <Possible follow-ups>
- Re: Source code auditing danuxx (Feb 15)
- Re: Source code auditing Oliver Kindernay (Feb 17)
- Re: Source code auditing Zack Payton (Feb 17)
- Re: Source code auditing Oliver Kindernay (Feb 22)
- Re: Source code auditing Oliver Kindernay (Feb 17)
- Re: Source code auditing Think Defensive (Feb 17)
- Re: Re: Source code auditing yasser . alruhaily (Feb 17)