Bugtraq mailing list archives
Re: Chasing bugs / vulnerabilties
From: Kurt Seifried <listuser () seifried org>
Date: Mon, 24 Jul 2000 18:59:48 -0600
Amen. [snipsnip]
Both white box (known source and specifications) and black box (using documetation for software without knowing the internals) testing should be carried out - by individuals separate and apart from the coders. Try the UNIX Fuzz experiment, first conducted at the University of
Wisconsin
on multiple UNIX operating systems and when tried again several years
later
revealed only slightly better results (the Fuzz experiment throws garbage input on the command line into a program and tests the response). We (check out http://www.cerias.purdue.edu/coast/ms_penetration_testing/v11.html) tried the same experiment on WinNT with 'interesting' results.
Fuzz for Linux: http://fuzz.sourceforge.net/ Secure programming documentation and software (several links). http://www.securityportal.com/lskb/articles/kben10000082.html ITS4 http://www.rstcorp.com/its4/ SLINT http://www.l0pht.com/products.html#SLINT
Michael S Hines, CISA,CIA,CFE,CDP | Phone 765.494.5338
Kurt Seifried SecurityPortal, your focal point for security on the net http://www.securityportal.com/
Current thread:
- Re: StackGuard with ... Re: [Paper] Format bugs., (continued)
- Re: StackGuard with ... Re: [Paper] Format bugs. Casper Dik (Jul 24)
- Re: StackGuard with ... Re: [Paper] Format bugs. stanislav shalunov (Jul 24)
- Re: StackGuard with ... Re: [Paper] Format bugs. Daniel Jacobowitz (Jul 24)
- Re: StackGuard with ... Re: [Paper] Format bugs. Alan DeKok (Jul 22)
- Re: StackGuard with ... Re: [Paper] Format bugs. Keith Owens (Jul 24)
- Re: StackGuard with ... Re: [Paper] Format bugs. Greg A. Woods (Jul 24)
- Re: StackGuard with ... Re: [Paper] Format bugs. Gerardo Richarte (Jul 24)
- Re: StackGuard with ... Re: [Paper] Format bugs. Greg A. Woods (Jul 25)
- Re: StackGuard with ... Re: [Paper] Format bugs. Theo de Raadt (Jul 24)
- Chasing bugs / vulnerabilties Michael S Hines (Jul 24)
- Re: Chasing bugs / vulnerabilties Kurt Seifried (Jul 25)
- Re: StackGuard with ... Re: [Paper] Format bugs. Pascal Bouchareine (Jul 21)
- Re: StackGuard with ... Re: [Paper] Format Ronald Huizer [Crew] (Jul 24)
- More bad censorware John Pettitt (Jul 21)
- Re: StackGuard with ... Re: [Paper] Format bugs. Gerardo Richarte (Jul 24)
- Trustix Security Advisory - nfs-utils Oystein Viggen (Jul 18)
- Re: [RHSA-2000:043-02] Updated package for nfs-utils available Andrea Costantino (Jul 18)
- Re: [RHSA-2000:043-02] Updated package for nfs-utils available Matt Wilson (Jul 18)