Dailydave mailing list archives

"Specialization is for insects" - Heinlein


From: Dave Aitel <dave () immunityinc com>
Date: Mon, 10 Mar 2008 11:18:31 -0400

It's interesting the tension between generalism and specialism in 
information security. For example, we hire consultants who are 
generalists. Essentially you have to show up at a client in a suit with 
a body of security knowledge, and learn as quickly as possible how it 
affects their particular technology, be it Citrix, .Net 3.0, J2EE with 
Beans, Ruby on Rails, or a DG-UX based system built internally to the 
client and never exposed to cold air.  It's a 
how-fast-can-you-learn-new-stuff-and-break-it game.

But when it comes to technology, I think it's valuable to specialize. 
Immunity Debugger is a disassembler and debugger that ONLY does 
Vulnerability Analysis. That's it. It does it in user-space on Win32 and 
it does it better than anything else out there (IMHO). Lately with 
CANVAS we've started to see traction with partners who specialize. Doing 
client-side attacks against a target who wants to know their real risk? 
You probably want to use Gleg's RealPlayer attacks. Attacking an 
application hosted on Citrix? You probably want to use the D2Sec pack. 
(It's what we're using this week. We do eat the dogfood we re-sell!)

I find that an over-reliance on generalized scanners is tending to go 
against the technology gradient. How is a SOAP testing tool going to 
help you when the server only accepts application/soap+msbin1 format 
(aka MC-NBFS)? How is a network scanner (with exploits or without) 
designed for banks going to help your hotel business? Anyways, it's 
something I'm thinking about, and no doubt a lot of other people on the 
list too. I wanted to throw it out there: What kind of generalized 
scanner features can we build that would allow you to build the 
specialized scanner that actually helps your business?

If you want to see CANVAS or SILICA live we have a few conferences 
coming up:

March 13-14, 2008    SOURCE Boston
http://www.sourceboston.com/
March 26-28, 2008    CanSec West - Vancouver
http://www.cansecwest.com/
April 7-11, 2008     RSA - San Francisco
http://www.rsaconference.com/2008/US/Home.aspx
April 14-17, 2008    HITB - Dubai
http://www.hackinthebox.org/

-dave
