| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri Jun 30 20:55:28 2006 From: michael.holstein at csuohio.edu (Michael Holstein) Subject: New member asking question... > I have been reading the posts over the past few weeks, and am wondering > how the heck you guy discover these vulnerabilities. Granted, I am > still very new to the IS world, but I cannot begin to understand how you > discover weaknesses. After reading these posts, the explanation always > makes since, but are you guys actively seeking weaknesses, or just > happen to come across them? Learn how things are *supposed* to work (for example, write your own webserver in C), then intentionally throw broken requests at it. Eventually you'll find a result you *didn't* expect, and that's what you should investigate. Knowing *what* is broken is never as important as *why*. As mentioned by another, learning to dream in C, and understanding asm go a *long* way. Oh .. and one more note .. practice on your own stuff. It's easy to get arrested in the process of learning if you're not careful. When you get good at it, play nice and adhere to the rules of "responsible disclosure" (search the archives for lengthy threads on this seperate issue) /mike.
Powered by blists - more mailing lists