Penetration Testing mailing list archives

Re: Source code auditing

From: jcran () 0x0e org
Date: Tue, 16 Feb 2010 10:27:42 -0500 (EST)

http://taossa.com/ <-- likely the single best resource out there (the book).

jcran

On Mon, Feb 15, 2010 at 11:53 AM, Oliver Kindernay <oliver.kindernay () gmail com> wrote:

Hi, I am interested in exploiting applications. I have some practice
in writing exploits (buffer overflow, format string, ...) in linux. I
want to start exploiting real applications (open source). I don't know
how to start with finding bugs in application's source. I can use
perl, grep, etc... for finding some statical buffers, strcpys, etc.
but it's good just for some explorative research. Could you post some
sources where can I learn some about source code auditing?

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------




--
Jonathan Cran
jcran () 0x0e org
515.890.0070

Attachment: signature.asc
Description: OpenPGP digital signature

Current thread:

Source code auditing Oliver Kindernay (Feb 15)
- Re: Source code auditing Think Defensive (Feb 17)
  - Re: Source code auditing Oliver Kindernay (Feb 17)
- Re: Source code auditing Anders Thulin (Feb 17)
- Re: Source code auditing Think Defensive (Feb 17)
- Re: Source code auditing jcran (Feb 17)
- Re: Source code auditing Himanshu Goyal (Feb 22)
- <Possible follow-ups>
- Re: Source code auditing danuxx (Feb 15)
  - Re: Source code auditing Oliver Kindernay (Feb 17)
    - Re: Source code auditing Zack Payton (Feb 17)
    - Re: Source code auditing Oliver Kindernay (Feb 22)
- Re: Re: Source code auditing yasser . alruhaily (Feb 17)