Bugtraq
mailing list archives
Re: Chasing bugs / vulnerabilities
From: Kurt Seifried <listuser () seifried org>
Date: Mon, 24 Jul 2000 18:59:48 -0600
Amen.
[snipsnip]
Both white box (known source and specifications) and black box (using
documentation for software without knowing the internals) testing should be
carried out - by individuals separate and apart from the coders.
Try the UNIX Fuzz experiment, first conducted at the University of
Wisconsin on multiple UNIX operating systems and when tried again several
years later revealed only slightly better results (the Fuzz experiment
throws garbage input on the command line into a program and tests the
response). We (check out
http://www.cerias.purdue.edu/coast/ms_penetration_testing/v11.html) tried
the same experiment on WinNT with 'interesting' results.
Fuzz for Linux:
http://fuzz.sourceforge.net/
Secure programming documentation and software (several links).
http://www.securityportal.com/lskb/articles/kben10000082.html
ITS4
http://www.rstcorp.com/its4/
SLINT
http://www.l0pht.com/products.html#SLINT
Michael S Hines, CISA,CIA,CFE,CDP | Phone 765.494.5338
Kurt Seifried
SecurityPortal, your focal point for security on the net
http://www.securityportal.com/
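
As an added illustration of the Fuzz-style test described in the quoted message (not code from the post, the Wisconsin study or the linked tools): a minimal harness that feeds seeded random bytes to a program's standard input and classifies each run as a clean exit, a crash (killed by a signal) or a hang. The target is a constructed stand-in, and `TARGET`, `classify` and `fuzz` are names chosen here; the signal check assumes a POSIX system.

```python
import random
import subprocess
import sys

# Constructed stand-in for a fragile utility (an assumption, not a real tool):
# it aborts on a NUL byte, spins forever on 0xFF, and otherwise exits cleanly.
TARGET_SRC = (
    "import os, sys\n"
    "data = sys.stdin.buffer.read()\n"
    "if b'\\x00' in data: os.abort()\n"
    "while b'\\xff' in data: pass\n"
)
TARGET = [sys.executable, "-c", TARGET_SRC]


def classify(cmd, data, timeout=2.0):
    """Run cmd with data on stdin and report how the run ended."""
    try:
        proc = subprocess.run(cmd, input=data, timeout=timeout,
                              stdout=subprocess.DEVNULL,
                              stderr=subprocess.DEVNULL)
    except subprocess.TimeoutExpired:
        return "hang"   # subprocess.run kills the child before raising
    # On POSIX a negative return code means the process died from a signal.
    if proc.returncode < 0:
        return "crash"
    return "ok"


def fuzz(cmd, runs=20, max_len=64, seed=0, timeout=2.0):
    """Feed seeded random byte strings to cmd; return counts and failing inputs."""
    rng = random.Random(seed)   # seeded so that a failing run can be repeated
    counts = {"ok": 0, "crash": 0, "hang": 0}
    failures = []
    for _ in range(runs):
        length = rng.randint(1, max_len)
        data = bytes(rng.randrange(256) for _ in range(length))
        outcome = classify(cmd, data, timeout)
        counts[outcome] += 1
        if outcome != "ok":
            failures.append((outcome, data))   # keep the input for replay
    return counts, failures


if __name__ == "__main__":
    counts, failures = fuzz(TARGET)
    print(counts)
    for outcome, data in failures:
        print(outcome, data.hex())
```

Keeping each failing input alongside its outcome is what turns a crash count into something a developer can reproduce and fix.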