Security Basics mailing list archives

RE: Binary Analysis with Internal Solutions

From: "Ward, Jon" <Jon_Ward () SYNTELINC COM>
Date: Tue, 24 Jul 2012 12:13:59 -0400

1.) Those binaries need to be tested.  Bugs in them will be found.  The
good guys need to be the first to do it.
2.) Depending on the number of instructions, reversing a binary could
take a huge amount of time.  I would make binary analysis a separate
service so that it will not hinder the progress of vulnerability
testing.
3.) If these are internal apps, consider source code analysis.  It can
be automated.  That makes it a scalable, repeatable service.


-jon

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of nschroedl () mtiorg com
Sent: Tuesday, July 24, 2012 10:15 AM
To: security-basics () securityfocus com
Subject: Binary Analysis with Internal Solutions

Hello everyone,

                A debate has been started in the office that I work in
over this question.  

"Should binary analysis (i.e. reversing and fuzzing) be part of an
internal vulnerability and pen testing solution?"

                There is mission critical custom in house software
solutions deployed here.  My opinion is Yes, but others say it is a
waste of resources to go this deep into offensive security.  Please send
your comments, and opinions so that I can either win/loose this debate.

Nick Schroedl

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an
SSL certificate.  We look at how SSL works, how it benefits your company
and how your customers can tell if a site is secure. You will find out
how to test, purchase, install and use a thawte Digital Certificate on
your Apache web server. Throughout, best practices for set-up are
highlighted to help you ensure efficient ongoing management of your
encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
------------------------------------------------------------------------


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------

Current thread:

Binary Analysis with Internal Solutions nschroedl (Jul 24)
- RE: Binary Analysis with Internal Solutions Ward, Jon (Jul 24)
- RE: Binary Analysis with Internal Solutions Mike Vella (Jul 24)
- RE: Binary Analysis with Internal Solutions Simon Thornton (Jul 24)
  - RE: Binary Analysis with Internal Solutions Nick Schroedl (Jul 24)
    - RE: Binary Analysis with Internal Solutions Pranav Lal (Jul 25)
  - RE: Binary Analysis with Internal Solutions Mikhail A. Utin (Jul 24)
    - RE: Binary Analysis with Internal Solutions David Gillett (Jul 24)
    - RE: Binary Analysis with Internal Solutions Simon Thornton (Jul 25)
    - RE: Binary Analysis with Internal Solutions Mikhail A. Utin (Jul 27)
    - RE: Binary Analysis with Internal Solutions Simon Thornton (Jul 25)