Message-ID: <44A581D4.7040907@csuohio.edu>
Date: Fri Jun 30 20:55:28 2006
From: michael.holstein at csuohio.edu (Michael Holstein)
Subject: New member asking question...
> I have been reading the posts over the past few weeks, and am wondering
> how the heck you guys discover these vulnerabilities. Granted, I am
> still very new to the IS world, but I cannot begin to understand how you
> discover weaknesses. After reading these posts, the explanation always
> makes sense, but are you guys actively seeking weaknesses, or just
> happen to come across them?
Learn how things are *supposed* to work (for example, write your own
webserver in C), then intentionally throw broken requests at it.
Eventually you'll find a result you *didn't* expect, and that's what you
should investigate. Knowing *what* is broken is never as important as *why*.
As mentioned by another, learning to dream in C, and understanding asm
go a *long* way.
Oh .. and one more note .. practice on your own stuff. It's easy to get
arrested in the process of learning if you're not careful. When you get
good at it, play nice and adhere to the rules of "responsible
disclosure" (search the archives for lengthy threads on this separate issue).
/mike.
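
The exercise described in the message above, sketched as an added example that is not part of the original post: a strict HTTP request-line parser in C, and a set of constructed malformed requests to run against your own copy of it. The struct, function names and buffer sizes are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <string.h>

struct request { char method[8]; char path[32]; int minor; };

/* Copy bytes up to the next space into dst. Rejects empty, oversized and
 * control-character tokens. Returns bytes consumed (token + space) or 0. */
static size_t take_token(const char *p, size_t n, char *dst, size_t cap) {
    size_t i = 0;
    while (i < n && p[i] != ' ') {
        if (i + 1 >= cap || (unsigned char)p[i] <= 0x20 || p[i] == 0x7f) return 0;
        dst[i] = p[i];
        i++;
    }
    if (i == 0 || i == n) return 0;        /* empty token or no separator */
    dst[i] = '\0';
    return i + 1;
}

/* Expects exactly "METHOD SP /PATH SP HTTP/1.x CRLF". Returns 0 or -1.
 * Works on (buf, len), never strlen(), so a NUL byte cannot hide data. */
int parse_request_line(const char *buf, size_t len, struct request *r) {
    size_t used, off;
    if ((used = take_token(buf, len, r->method, sizeof r->method)) == 0) return -1;
    off = used;
    if ((used = take_token(buf + off, len - off, r->path, sizeof r->path)) == 0) return -1;
    off += used;
    if (r->path[0] != '/') return -1;
    if (len - off != 10 || memcmp(buf + off, "HTTP/1.", 7) != 0) return -1;
    if (buf[off + 7] != '0' && buf[off + 7] != '1') return -1;
    if (buf[off + 8] != '\r' || buf[off + 9] != '\n') return -1;
    r->minor = buf[off + 7] - '0';
    return 0;
}

#define B(s) { s, sizeof(s) - 1 }          /* literal plus its true length */
/* Constructed broken requests; returns how many the parser accepted. */
int count_accepted_broken(void) {
    static const struct { const char *b; size_t n; } bad[] = {
        B(""), B("GET\r\n"), B("GET  / HTTP/1.1\r\n"), B("GET / HTTP/1.1\n"),
        B("GET / HTTP/9.9\r\n"), B("GET /a\0b HTTP/1.1\r\n"),
        B("AAAAAAAAAAAAAAAA / HTTP/1.1\r\n"), B("GET index.html HTTP/1.1\r\n"),
        B("GET / HTTP/1.1\r\nX"),
        B("GET /aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa HTTP/1.1\r\n"),
    };
    struct request r;
    int accepted = 0;
    for (size_t i = 0; i < sizeof bad / sizeof bad[0]; i++)
        if (parse_request_line(bad[i].b, bad[i].n, &r) == 0) accepted++;
    return accepted;
}
int main(void) { printf("broken accepted: %d\n", count_accepted_broken()); return 0; }
```

Any nonzero count is the unexpected result worth investigating; loosening one check (for example dropping the `i + 1 >= cap` bound) and re-running shows which input exposes it.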