From: David Hawley (chimanhawaiian.net)
Date: Wed Apr 10 2002 - 00:46:50 CDT


    Well Kai, they do all of the above.

    Some companies hire an independent Audit team to audit software. Some read
    bugtraq, incidents, and others wait until they get hacked. :-)

    David Hawley

    -----Original Message-----
    From: kaipower [mailto:kaipowersubdimension.com]
    Sent: Thursday, April 04, 2002 5:05 PM
    To: security-basicssecurityfocus.com; vuln-devsecurity-focus.com;
    vuln-devsecurityfocus.com
    Subject: Techniques for Vulneability discovery

    Hi,

    After reading the mailing list for quite a while, there is a burning
    question which I kept asking myself:

    How do experts discover vulnerabilities in a system/software?

    Some categories of vulnerabilities that I am aware of:
    1) Buffer overflow (Stack or Heap)
    2) Mal access control and Trust management
    3) Cross site scripting
    4) Unexpected input - e.g. SQL injection?
    5) Race conditions
    6) password authentication

    Do people just run scripts to brute force to find vulnerabilities? (as in
    the case of Buffer overflows)
    Or do they do a reverse engineer of the software?

    How relevant is reverse engineering in this context?

    Anybody out there care to give a methodology/strategy in finding
    vulnerabilities?

    Mike
