Dailydave mailing list archives
RE: VisualExploit.py
From: "Mike Bailey" <mike.bailey () sunbladesecurity com>
Date: Fri, 25 Feb 2005 23:59:35 -0500
couldn't come up with any "purdee pictures" (if you've got DDJ's Dec 1995 "Visual Programming" issue, it's got a great
Didn't Next have something similar to this as well. Maybe my memory has merged "Cube" and nextcube but I recall a Visio/Dia like tool on there for development.
I'm wondering what the overall effect of "lowering the bar" would be - would vendors then make a more concerted effort to writing "better" (read: more secure) programs before releasing? Would they use the tools themselves? Pehaps you
While thinking about the visual language interface I started on a philosophical rant.. On one hand you have people that want to look at writing exploits as an art or something else idealistic and pure. I bet most of those people don't try to do it for living if at all. Then there are people that whose job is to break stuff. Sometimes for fun and profit, sometimes because they like doing a good in the QA lab and maybe even sometimes in an effort to make someone or some companies dev staff look bad. In most testing cases you're going to have to understand how to find the vulnerability before worrying about exploiting them so there's no lowering of the bar there "in my opinion". It seems more like adding a springboard in an effort to get over that bar a little easier. Since I'm pretty tired and hungry now a food reference comes to mind as well. Finding vulns is like making a donut. Using a VPL interface with canvas would then be like a nice chocolate glaze after slaving away in the kitchen to cook that donut. Personally I'm thinking of it now as the krispyKreme of security testing tools. Maybe there will even be contests for who can make a working exploit that looks like art to keep the idealists happy too! Sadly in some matrix like movie they'll be probably be using virtual reality suits to build exploits with this tool. I shudder.. And for those unfamiliar with my donut- http://www.krispykreme.com/varieties.html# Oh well, I'll shut up now.. _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com https://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- VisualExploit.py Dave Aitel (Feb 25)
- Re: VisualExploit.py Isaac Dawson (Feb 25)
- Re: VisualExploit.py Gadi Evron (Feb 25)
- Re: VisualExploit.py Daryl Tester (Feb 25)
- RE: VisualExploit.py Mike Bailey (Feb 25)
- Re: VisualExploit.py Mordy Ovits (Feb 28)
- Re: VisualExploit.py Rodney Thayer (Feb 28)
- Re: VisualExploit.py Dennis Cox (Feb 28)
- <Possible follow-ups>
- Re: VisualExploit.py Jerome ATHIAS (Feb 26)
- Re: VisualExploit.py Isaac Dawson (Feb 25)