OSEC

From: Rafael Anschau (rhanschaterra.com.br)
Date: Tue Apr 09 2002 - 10:21:32 CDT


    Vulnerability theory is not solid enough to be called a science. It's
    really an art. There are patterns which can be used to look
    for them. The best categorization of vulnerabilities I've read is
    by far Knight's "Computer Vulnerabilities". For more detail on
    condition validation errors and synchronization errors see Aslam's papers.

    []'s

    Woody

    > Hi,
    >
    > After reading the mailing list for quite a while, there is a burning
    > question which I kept asking myself:
    >
    > How do experts discover vulnerabilities in a system/software?
    >
    > Some categories of vulnerabilities that I am aware of:
    > 1) Buffer overflow (Stack or Heap)
    > 2) Mal access control and Trust management
    > 3) Cross site scripting
    > 4) Unexpected input - e.g. SQL injection?
    > 5) Race conditions
    > 6) password authentication
    >
    > Do people just run scripts to brute force to find vulnerabilities? (as in
    > the case of Buffer overflows)
    > Or do they do a reverse engineer of the software?
    >
    > How relevant is reverse engineering in this context?
    >
    > Anybody out there care to give a methodology/strategy in finding
    > vulnerabilities?
    >
    > Mike
    >

    -- 
    Rafael Anschau - Terra Networks Brasil
    Operacao Nacional  -  (51) 3284 4246
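The reply above points to Aslam's taxonomy, whose two central classes are condition validation errors and synchronization errors. The following is an added illustration (not code from either poster) of what each class looks like in C, with a weak form beside a hardened form; the function and buffer names are invented for the example.

```c
#include <fcntl.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#define NAME_MAX_LEN 16

/* Condition validation error: the copy trusts len and never compares it
 * with the destination size, so an oversized input overruns dst. */
int copy_name_unvalidated(char dst[NAME_MAX_LEN], const char *src, size_t len)
{
    memcpy(dst, src, len);
    dst[len] = '\0';
    return 0;
}

/* Hardened form: the missing check is made before the copy, and oversized
 * input is rejected instead of silently overrunning the buffer. */
int copy_name_validated(char dst[NAME_MAX_LEN], const char *src, size_t len)
{
    if (src == NULL || len >= NAME_MAX_LEN) return -1;
    memcpy(dst, src, len);
    dst[len] = '\0';
    return 0;
}

/* Synchronization error (time-of-check/time-of-use): stat() checks a path,
 * open() later uses it, and the path can be repointed in between. */
int open_regular_toctou(const char *path)
{
    struct stat st;
    if (stat(path, &st) != 0 || !S_ISREG(st.st_mode))
        return -1;
    return open(path, O_RDONLY);   /* may now name a different object */
}

/* Hardened form: open first, then fstat() the descriptor actually held,
 * so the check and the use refer to the same object. */
int open_regular_checked(const char *path)
{
    struct stat st;
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        return -1;
    }
    return fd;
}
```

Only the hardened variants are safe to exercise with arbitrary input; the weak ones are kept alongside so the missing check and the check/use gap are visible side by side.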