On Fri, Apr 05, 2002 at 09:04:33AM +0800, kaipower said:
> Hi,
>

Hey! I'm no "expert" but I'll try to add a little...

> How do experts discover vulnerabilities in a system/software?

This of course depends on what it is that you are auditing. Meaning, is the software open source, a binary, a local app or a network daemon? There are different approaches to all of them. Each audit of a given piece of software has to take what the software is designed to do, and the valid channels of input into the program, into account. This is the starting place for any audit.

> Do people just run scripts to brute force to find vulnerabilities? (as in
> the case of Buffer overflows)

Absolutely. Local binaries can be tested using any number of "fuzz" testers. Google can tell you all about these fuzz testers.

> Anybody out there care to give a methodology/strategy in finding
> vulnerabilities?

I'll just list a few that I am familiar with.

1.) source code audit - obviously only applicable when source is available. Visual inspection of the source code looking for places where one might be able to take control of or crash the application.

2.) previously discovered techniques - look at problems that have occurred in similar applications. It's very likely that these same problems may occur in other applications as well.

3.) perl -e 'print "A"x1000' | foo :)

I'm sure there are many more people on the list who can fill in much more.

--
Josha Bronson
dmuzat_private
AngryPacket Security
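The `perl -e 'print "A"x1000' | foo` idea from the post, carried a step further as an added example (not from the original thread): a small harness that feeds runs of "A" of increasing length to a program on stdin, classifies a signal-terminated child as a crash, and bisects for the smallest input length that triggers it. The `DEMO_TARGET` is a constructed stand-in that kills itself with SIGSEGV when stdin exceeds 500 bytes, so the harness has something to find offline; `foo` from the post would take its place in a real audit.

```python
"""Length-ramp stdin fuzzer in the spirit of perl -e 'print "A"x1000' | foo."""
import signal
import subprocess
import sys

# Constructed stand-in target (assumption, not a real program): reads stdin and
# sends itself SIGSEGV when the input is longer than 500 bytes, mimicking a
# program with a fixed-size buffer. Replace with the binary under audit.
DEMO_TARGET = [sys.executable, "-c",
               "import os,signal,sys;d=sys.stdin.buffer.read();"
               "os.kill(os.getpid(),signal.SIGSEGV) if len(d)>500 else None"]


def run_with_input(cmd, payload, timeout=10):
    """Run cmd with payload on stdin. Returns (returncode, signal name or None)."""
    proc = subprocess.run(cmd, input=payload, stdout=subprocess.DEVNULL,
                          stderr=subprocess.DEVNULL, timeout=timeout)
    rc = proc.returncode
    # On POSIX a negative return code means the child died from that signal,
    # which is the crash indicator a fuzzer cares about (SIGSEGV, SIGBUS, ...).
    if rc < 0:
        return rc, signal.Signals(-rc).name
    return rc, None


def fuzz_lengths(cmd, lengths, byte=b"A"):
    """Try byte * n for every n in lengths; map crashing lengths to signal names."""
    crashes = {}
    for n in lengths:
        _, sig = run_with_input(cmd, byte * n)
        if sig is not None:
            crashes[n] = sig
    return crashes


def smallest_crashing_length(cmd, ok_len, crash_len, byte=b"A"):
    """Bisect between a known-good length and a known-crashing length.

    Returns the smallest length that still crashes; that boundary is the first
    thing to look at in the source or disassembly of the program under audit.
    """
    lo, hi = ok_len, crash_len
    while hi - lo > 1:
        mid = (lo + hi) // 2
        if run_with_input(cmd, byte * mid)[1] is not None:
            hi = mid
        else:
            lo = mid
    return hi


if __name__ == "__main__":
    print("crashes:", fuzz_lengths(DEMO_TARGET, [100, 1000, 4000]))
    print("threshold:", smallest_crashing_length(DEMO_TARGET, 100, 1000))
```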
This archive was generated by hypermail 2b30 : Fri Apr 05 2002 - 15:00:22 PST