Open Source and information security mailing list archives
 
Message-ID: <20040622081838.25497.qmail@web90006.mail.scd.yahoo.com>
From: johnspood at yahoo.com (Mr. John)
Subject: Vulnerability Disclosure Technics

You are right, parameter passing or fuzzy input to a
software is good, but there are some problems:

 - Some applications like IE have many, many ways
for input.
 - The sequence of input may vary so much that reaching
the bug state needs a very good chance for the tester.
 - More important, for example for buffer overflow
testing, it isn't easy to understand that a
successful buffer overflow has now happened at all. Or for an
XSS vulnerability, how can an automatic vulnerability
testing application detect XSS in a case of input?
Or suppose finding the vulnerability in MS RPC last
year, how does she detect that at that input sequence, MS
RPC is vulnerable?
 
But I see that some companies have the ability to get
the binary code of a software (like IE) and test it for
vulnerabilities, and they will find some
vulnerabilities in it after a short time. I think that
they have some automated machines for this testing,
but I don't have any idea about that.

Regards.
Mr. John
 
--------------------------------------------------
"Oliver@...yhat.de" <Oliver@...yhat.de> wrote:

There are several ways to search for vulnerabilities
in applications.
If you have the source code, you can do a code review.
There are many tools (like flawfinder etc.) which will
support you in finding "static" vulnerabilities like
buffer overflows due to incorrect usage of commands
like "strcpy" and family.
If you don't have the source code, you can do reverse
engineering with debuggers, disassemblers and other
tools, to search for common coding mistakes.
You can also do black-box testing, whereby you can
use fuzzy technology to generate random parameters and
requests, sending them to the application.
The last one is the one I often use, because in most
cases you don't have the source code, and reverse
engineering is not that easy :)

bye,

Oliver

Mr. John wrote:

>Hi
>A question is in my mind every time I see a
>vulnerability disclosure. I want to know how a person
>finds a security vulnerability in a software. Is there
>a regular way?
>Suppose that I am technical chair of a software group
>and we have a software for which security consideration
>is important for us. How can I test our software to
>ensure that no security vulnerabilities (like buffer
>overflow vuln) exist in our software product. Or it
>is a question for me how, for example, eEye finds many
>vulnerabilities in software products. Is there a
>regular and formal way? Are there some tools, techniques,
>methods, ... for this purpose, for finding a
>vulnerability in a software?
>
>Thanks
>John
>






	
		