Vulnerability Development: RE: Techniques for Vulnerability discovery

From: David Hawley <chiman_at_hawaiian.net>
Date: Tue, 9 Apr 2002 22:46:50 -0700

Well Kai, they do all of the above.

Some companies hire an independent Audit team to audit software. Some read
bugtraq, incidents, and others wait until they get hacked. :-)

David Hawley

-----Original Message-----
From: kaipower [mailto:kaipower_at_subdimension.com]
Sent: Thursday, April 04, 2002 5:05 PM
To: security-basics_at_securityfocus.com; vuln-dev_at_security-focus.com;
vuln-dev_at_securityfocus.com
Subject: Techniques for Vulnerability discovery

Hi,

After reading the mailing list for quite a while, there is a burning
question which I kept asking myself:

How do experts discover vulnerabilities in a system/software?

Some categories of vulnerabilities that I am aware of:
1) Buffer overflow (Stack or Heap)
2) Mal access control and Trust management
3) Cross site scripting
4) Unexpected input - e.g. SQL injection?
5) Race conditions
6) password authentication

Do people just run scripts to brute force to find vulnerabilities? (as in
the case of Buffer overflows)
Or do they do a reverse engineer of the software?

How relevant is reverse engineering in this context?

Anybody out there care to give a methodology/strategy in finding
vulnerabilities?

Mike

Received on Apr 10 2002
