bmanice Posted March 24, 2010 Share Posted March 24, 2010 Hey guys im just curious about something. How do people find vulnerabilities in programs? Just the entire theory boggles my mind. Can anyone provide a process summary for me? Possibly point me in the right direction to some info? thanks! Quote Link to comment Share on other sites More sharing options...
Sparda Posted March 24, 2010 Share Posted March 24, 2010 Test every input and every combination of possible inputs with every possible input value. Quote Link to comment Share on other sites More sharing options...
VaKo Posted March 24, 2010 Share Posted March 24, 2010 http://en.wikipedia.org/wiki/Fuzz_testing Quote Link to comment Share on other sites More sharing options...
bmanice Posted March 25, 2010 Author Share Posted March 25, 2010 sorry for the newbie sounding question... just want to find info so i can wrap my head around this concept. would reverse engineering be relative to this topic? Quote Link to comment Share on other sites More sharing options...
VaKo Posted March 25, 2010 Share Posted March 25, 2010 OK, in laymans terms fuzz testing is a technical way of testing your application by sending in an army of small children who will then push random buttons and click anything that moves, and then looking for unexpected results. For vulnerability testing this will allow you to see if sending a particular chunk of data to a particular input has a result of allowing you to do something you shouldn't. This is like yelling random words and numbers at a person and finding that "yellow 4 fish dog trouser press 9" makes them drop there wallet. Reverse engineering is a process where you take a finished application, and work out what it does, how it does it and then aim towards replicating all of this in your own application. Quote Link to comment Share on other sites More sharing options...
bmanice Posted March 25, 2010 Author Share Posted March 25, 2010 OK, in laymans terms fuzz testing is a technical way of testing your application by sending in an army of small children who will then push random buttons and click anything that moves, and then looking for unexpected results. For vulnerability testing this will allow you to see if sending a particular chunk of data to a particular input has a result of allowing you to do something you shouldn't. This is like yelling random words and numbers at a person and finding that "yellow 4 fish dog trouser press 9" makes them drop there wallet. Reverse engineering is a process where you take a finished application, and work out what it does, how it does it and then aim towards replicating all of this in your own application. appreciate the analogy. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.