Well Kai, they do all of the above. Some companies hire an independent Audit team to audit software. Some read bugtraq, incidents, and others wait until they get hacked. :-)

David Hawley

-----Original Message-----
From: kaipower [mailto:kaipowerat_private]
Sent: Thursday, April 04, 2002 5:05 PM
To: security-basicsat_private; vuln-dev@security-focus.com; vuln-devat_private
Subject: Techniques for Vulneability discovery

Hi,

After reading the mailing list for quite a while, there is a burning question which I kept asking myself:

How do experts discover vulnerabilities in a system/software?

Some categories of vulnerabilities that I am aware of:
1) Buffer overflow (Stack or Heap)
2) Mal access control and Trust management
3) Cross site scripting
4) Unexpected input - e.g. SQL injection?
5) Race conditions
6) password authentication

Do people just run scripts to brute force to find vulnerabilities? (as in the case of Buffer overflows) Or do they reverse engineer the software?

How relevant is reverse engineering in this context?

Anybody out there care to give a methodology/strategy in finding vulnerabilities?

Mike
This archive was generated by hypermail 2b30 : Wed Apr 10 2002 - 09:50:53 PDT