Wednesday, April 18, 2012

How to find a vuln?

Ok, maybe before trying to write an exploit I need to find a vuln first? There are a few ways to go about this, depending on your skill level.

1. Use vulns that others have found and published. Search for the target application in a vulnerability database.
A collection of vulns from various sources
An official source of vulns.

2. Use a vulnerability scanner to scan the target application. Do note that no product is the best; all of them have their pros and cons, and the more you know about vulnerability assessment the more you realise how limited they are.
Nessus
Internet Security Scanner
Nexpose

3. Fuzz the target application to find the vuln(s). Fuzzing is a complex topic, and various books and papers have been published on it. Let's just say it's easy to do fuzzing, but it's not easy to fuzz and find vulns.
A blog post on fuzzing by LUPIN
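As an added example (not code from the original post or from LUPIN's blog), here is a minimal mutation fuzzer in Python run against a constructed toy parser with a planted bug. The wire format, the `parse_records` parser, the mutators and the `fuzz` harness are all made up for illustration; the point is the shape every fuzzer shares (seed corpus, mutators, a crash oracle, triage) and, in particular, the step that separates inputs the parser correctly rejects from inputs that make it fall over. That triage step is where "easy to fuzz, hard to find vulns" lives: a harness that reports every parse error as a finding produces noise, not bugs.

```python
"""Minimal mutation fuzzer against a constructed toy parser.

Added example, not code from the original post. Everything here (the wire
format, the planted bug, the mutators) is constructed for illustration.
"""
import random
import traceback
from collections import Counter

# Deliberately tiny "fixed-size buffer" so the planted bug is reachable
# from short inputs; think of it as the stack buffer in a C parser.
BUFFER_SIZE = 4

# Seed input for the fuzzer (constructed): two valid records.
SEED = b"\x02\x03abc\x04wxyz"

# Boundary values byte-level fuzzers commonly try (AFL's "interesting 8-bit" set).
INTERESTING = [0x00, 0x01, 0x10, 0x20, 0x40, 0x64, 0x7F, 0x80, 0xFF]


def parse_records(data: bytes) -> list:
    """Parse the toy format [count:1]([len:1][payload:len])* into payloads.

    Malformed input is rejected with ValueError; that is the parser's
    *expected* behaviour.  The planted bug: each payload is copied into a
    fixed BUFFER_SIZE-byte buffer with no bound check, the Python analogue
    of a stack buffer overflow.  It surfaces as an IndexError.
    """
    if not data:
        raise ValueError("empty input")
    count, pos, payloads = data[0], 1, []
    for _ in range(count):
        if pos >= len(data):
            raise ValueError("truncated: missing length byte")
        length = data[pos]
        pos += 1
        if pos + length > len(data):
            raise ValueError("truncated: payload shorter than declared")
        buf = bytearray(BUFFER_SIZE)
        for i in range(length):        # BUG: length is never checked against
            buf[i] = data[pos + i]     # BUFFER_SIZE -> IndexError when length > 4
        payloads.append(bytes(buf[:length]))
        pos += length
    return payloads


def mutate(data: bytes, rng: random.Random) -> bytes:
    """Apply one random byte-level mutation and return the new input."""
    buf = bytearray(data)
    op = rng.randrange(6)
    if op == 0:                                   # flip one bit
        buf[rng.randrange(len(buf))] ^= 1 << rng.randrange(8)
    elif op == 1:                                 # random byte overwrite
        buf[rng.randrange(len(buf))] = rng.randrange(256)
    elif op == 2:                                 # boundary-value overwrite
        buf[rng.randrange(len(buf))] = rng.choice(INTERESTING)
    elif op == 3:                                 # small arithmetic on a byte
        i = rng.randrange(len(buf))
        buf[i] = (buf[i] + rng.choice([d for d in range(-8, 9) if d])) & 0xFF
    elif op == 4:                                 # insert a random byte
        buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
    elif len(buf) > 1:                            # delete a byte (keep >= 1)
        del buf[rng.randrange(len(buf))]
    return bytes(buf)


def fuzz(seeds, iterations: int, seed: int = 1):
    """Run the fuzz loop.

    Returns (crashes, stats): crashes maps a crash signature (exception type
    plus the line it was raised on) to the first input that triggered it;
    stats counts inputs parsed ok, rejected as expected, or crashed.
    Only exceptions *other than* ValueError count as crashes: triage that
    separates "the parser said no" from "the parser fell over" is what
    turns a pile of fuzz output into something worth looking at.
    """
    rng = random.Random(seed)
    crashes, stats = {}, Counter()
    for _ in range(iterations):
        case = mutate(rng.choice(seeds), rng)
        try:
            parse_records(case)
            stats["ok"] += 1
        except ValueError:
            stats["rejected"] += 1
        except Exception as exc:               # anything else is a finding
            frame = traceback.extract_tb(exc.__traceback__)[-1]
            sig = f"{type(exc).__name__}@line{frame.lineno}"
            stats["crash"] += 1
            crashes.setdefault(sig, case)     # keep one reproducer per signature
    return crashes, stats


if __name__ == "__main__":
    found, counts = fuzz([SEED], iterations=5000)
    print(dict(counts))
    for sig, case in found.items():
        print(f"{sig}: {case!r}")
```

Running it prints the ok/rejected/crash counts and one reproducer per crash signature. Note what is missing compared with a real fuzzer: there is no coverage feedback, so every mutant starts from the seed and the loop never learns which inputs reach deeper code; the bug here is found only because the buffer is four bytes and one mutation away from the seed. That gap between "the loop runs" and "the loop finds something" is the hard part the post is pointing at.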

4. Reverse engineer (RE) the target application to find the vuln(s). Reverse engineering is a very, very complex topic. There are many sites and books on it. However, my short experience with RE tells me one thing: JUST DO IT. The more RE you do, the better you get.
Excellent site to find info on RE

5. Source code review. This method only works if you have access to the source code and are able to understand it very well. It can take a lot of time, and it is a challenge to be comprehensive.
I have no experience in this, but I know someone who is good at it. I will put a link on this blog to his thoughts on code review when he starts blogging.
