Bugtraq mailing list archives

Re: Chasing bugs / vulnerabilties

From: Kurt Seifried <listuser () seifried org>
Date: Mon, 24 Jul 2000 18:59:48 -0600

Amen.
[snipsnip]

Both white box (known source and specifications) and black box (using
documetation for software without knowing the internals) testing should be
carried out - by individuals separate and apart from the coders.

Try the UNIX Fuzz experiment, first conducted at the University of

Wisconsin

on multiple UNIX operating systems and when tried again several years

later

revealed only slightly better results (the Fuzz experiment throws garbage
input on the command line into a program and tests the response).   We
(check out
http://www.cerias.purdue.edu/coast/ms_penetration_testing/v11.html) tried
the same experiment on WinNT with 'interesting' results.


Fuzz for Linux:
http://fuzz.sourceforge.net/

Secure programming documentation and software (several links).
http://www.securityportal.com/lskb/articles/kben10000082.html

ITS4
http://www.rstcorp.com/its4/

SLINT
http://www.l0pht.com/products.html#SLINT

Michael S Hines, CISA,CIA,CFE,CDP         | Phone 765.494.5338


Kurt Seifried
SecurityPortal, your focal point for security on the net
http://www.securityportal.com/

Current thread:

Re: StackGuard with ... Re: [Paper] Format bugs., (continued)
- - - Re: StackGuard with ... Re: [Paper] Format bugs. Casper Dik (Jul 24)
    - Re: StackGuard with ... Re: [Paper] Format bugs. stanislav shalunov (Jul 24)
    - Re: StackGuard with ... Re: [Paper] Format bugs. Daniel Jacobowitz (Jul 24)
    - Re: StackGuard with ... Re: [Paper] Format bugs. Alan DeKok (Jul 22)
    - Re: StackGuard with ... Re: [Paper] Format bugs. Keith Owens (Jul 24)
    - Re: StackGuard with ... Re: [Paper] Format bugs. Greg A. Woods (Jul 24)
    - Re: StackGuard with ... Re: [Paper] Format bugs. Gerardo Richarte (Jul 24)
    - Re: StackGuard with ... Re: [Paper] Format bugs. Greg A. Woods (Jul 25)
    - Re: StackGuard with ... Re: [Paper] Format bugs. Theo de Raadt (Jul 24)
    - Chasing bugs / vulnerabilties Michael S Hines (Jul 24)
    - Re: Chasing bugs / vulnerabilties Kurt Seifried (Jul 25)
    - Re: StackGuard with ... Re: [Paper] Format bugs. Pascal Bouchareine (Jul 21)
    - Re: StackGuard with ... Re: [Paper] Format Ronald Huizer [Crew] (Jul 24)
    - More bad censorware John Pettitt (Jul 21)
    - Re: StackGuard with ... Re: [Paper] Format bugs. Gerardo Richarte (Jul 24)
  - S21SEC-003: Vulnerabilities in CommuniGate Pro v3.2.4 Lluis Mora (Jul 17)
  - [COVERT-2000-07] LISTSERV Web Archive Remote Overflow COVERT Labs (Jul 17)
  - [RHSA-2000:043-02] Updated package for nfs-utils available bugzilla () REDHAT COM (Jul 17)
    - Trustix Security Advisory - nfs-utils Oystein Viggen (Jul 18)
    - Re: [RHSA-2000:043-02] Updated package for nfs-utils available Andrea Costantino (Jul 18)
    - Re: [RHSA-2000:043-02] Updated package for nfs-utils available Matt Wilson (Jul 18)

(Thread continues...)