Re: Techniques for Vulnerability discovery

From: Rafael Anschau (rhanschaat_private)
Date: Tue Apr 09 2002 - 08:21:32 PDT


    Vulnerability theory is not solid enough to be called a science. It's
    really an art. There are patterns which can be used to look
    for them. The best categorization of vulnerabilities I've read is
    by far Knight's "Computer Vulnerabilities". For more detail on
    condition validation errors and synchronization errors, see Aslam's papers.
    
    []'s
    
    Woody
    
    
    > Hi,
    > 
    > After reading the mailing list for quite a while, there is a burning
    > question which I kept asking myself:
    > 
    > How do experts discover vulnerabilities in a system/software?
    > 
    > Some categories of vulnerabilities that I am aware of:
    > 1) Buffer overflow (Stack or Heap)
    > 2) Mal access control and Trust management
    > 3) Cross site scripting
    > 4) Unexpected input - e.g. SQL injection?
    > 5) Race conditions
    > 6) password authentication
    > 
    > Do people just run scripts to brute-force their way to vulnerabilities? (as in
    > the case of buffer overflows)
    > Or do they reverse-engineer the software?
    > 
    > How relevant is reverse engineering in this context?
    > 
    > Anybody out there care to give a methodology/strategy in finding
    > vulnerabilities?
    > 
    > Mike
    > 
    > 
    > 
    > 
    
    -- 
    Rafael Anschau - Terra Networks Brasil
    Operacao Nacional  -  (51) 3284 4246
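An added example, not from the original thread and not taken from Knight's or Aslam's papers, to make the "condition validation error" class Rafael mentions concrete, alongside the brute-force approach Mike asks about. The record format is an assumption made for this example: one length byte followed by that many payload bytes. The vulnerable parser trusts the length byte; the hardened one validates it against both the record and the destination buffer, and a small exhaustive loop over every possible length byte shows the kind of mechanical check that turns up the missing validation.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical wire format for this example: rec[0] = length, rec[1..] = payload. */
#define NAME_MAX_LEN 16

/* Condition validation error: the attacker-controlled length byte is never
 * checked against the destination size or the bytes actually present, so a
 * large length overflows `out` (stack smash) and over-reads `rec`. */
size_t parse_name_vulnerable(const uint8_t *rec, size_t rec_len, char out[NAME_MAX_LEN]) {
    if (rec_len < 1) return 0;
    size_t len = rec[0];
    memcpy(out, rec + 1, len);   /* BUG: len unchecked */
    out[len] = '\0';             /* BUG: may write past out[] */
    return len;
}

/* Hardened version: every condition the copy depends on is validated first.
 * Returns the payload length on success, -1 when the record is rejected. */
int parse_name_safe(const uint8_t *rec, size_t rec_len, char out[NAME_MAX_LEN]) {
    if (rec_len < 1) return -1;
    size_t len = rec[0];
    if (len > rec_len - 1) return -1;       /* claims more bytes than the record carries */
    if (len > NAME_MAX_LEN - 1) return -1;  /* would not fit with the terminator */
    memcpy(out, rec + 1, len);
    out[len] = '\0';
    return (int)len;
}

/* Brute-force style probe: drive the length byte through all 256 values over a
 * 64-byte constructed record and confirm the hardened parser never accepts a
 * length that could not fit. Returns the number of accepted lengths (0..15 -> 16),
 * or -1 if an impossible length was ever accepted. */
int fuzz_length_byte(void) {
    uint8_t rec[64];
    char out[NAME_MAX_LEN];
    int accepted = 0;
    memset(rec, 'A', sizeof rec);           /* constructed payload */
    for (int v = 0; v < 256; v++) {
        rec[0] = (uint8_t)v;
        int r = parse_name_safe(rec, sizeof rec, out);
        if (r < 0) continue;
        if (r != v || r > NAME_MAX_LEN - 1) return -1;
        accepted++;
    }
    return accepted;
}

/* Well-formed record: both parsers agree. Returns 1 on the expected result. */
int check_valid_record(void) {
    static const uint8_t good[] = {5, 'h', 'e', 'l', 'l', 'o'};   /* constructed */
    char a[NAME_MAX_LEN], b[NAME_MAX_LEN];
    int r = parse_name_safe(good, sizeof good, a);
    size_t v = parse_name_vulnerable(good, sizeof good, b);
    return r == 5 && v == 5 && strcmp(a, "hello") == 0 && strcmp(b, "hello") == 0;
}

/* Record whose length byte lies about the bytes that follow: only the hardened
 * parser rejects it (the vulnerable one would over-read, so it is not called). */
int check_lying_length(void) {
    static const uint8_t lie[] = {200, 'x'};                      /* constructed */
    char out[NAME_MAX_LEN];
    return parse_name_safe(lie, sizeof lie, out) == -1;
}

int main(void) {
    printf("valid record ok: %d\n", check_valid_record());
    printf("lying length rejected: %d\n", check_lying_length());
    printf("lengths accepted by safe parser: %d\n", fuzz_length_byte());
    return 0;
}
```

The point of the exhaustive loop is that it needs no understanding of the code: it only varies the one field the parser trusts and watches for a contradiction between what was claimed and what could fit. Against the unpatched parser the same loop would crash or corrupt the stack somewhere past length 15, which is the signal a brute-force script looks for before anyone opens a disassembler.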
    



    This archive was generated by hypermail 2b30 : Tue Apr 09 2002 - 10:03:00 PDT