On Fri, 5 Apr 2002 09:04:33 +0800
"kaipower" <[EMAIL PROTECTED]> wrote:
> Hi,
>
> After reading the mailing list for quite a while, there is a burning
> question which I kept asking myself:
>
> How do experts discover vulnerabilities in a system/software?
>
> Some categories of vulnerabilities that I am aware of:
> 1) Buffer overflow (Stack or Heap)
> 2) Mal access control and Trust management
> 3) Cross site scripting
> 4) Unexpected input - e.g. SQL injection?
> 5) Race conditions
> 6) password authentication
>
> Do people just run scripts to brute force to find vulnerabilities? (as in
> the case of Buffer overflows)
> Or do they do a reverse engineer of the software?
>
> How relevant is reverse engineering in this context?
>
> Anybody out there care to give a methodology/strategy in finding
> vulnerabilities?
>
> Mike
>
A new article that covers this point has just been published.
I've read it, and I think it could help you a little:
http://www.computer.org/computer/sp/articles/arc/index.htm
______________________________________________________________________
__ __
/ || \ FreeBSD Network - http://www.GomoR.org/
| __ |___/ Security Engineer Junior
| || \
\__|| \ >root is the only God I believe in<