640 Bug Hunting
How to find Security related Bugs in Software for Beginners
Language | English
Room | Workshop
Time | Day 3, 11:00
Duration | 1 hour
Description
We start with the simple question "What is Security?" and we will also speak about types of security-related bugs. Furthermore, I will show typical approaches like black-, gray- and white-box testing involved during bug hunting.
The second part of my lecture will be mostly focused on finding bugs in closed source and networked software. The introduction of some nice open source tools which are helpful while trying to find bugs manually will be followed by issues and problems of fuzzing. Finally I will talk about the future of bug hunting.
To make the lecture demonstrative, examples for the protocols HTTP and SMTP are given along with some home-brewed Perl scripts.
Agenda:
What is Security?
Types of Security related Bugs
Methods used to find Bugs
Hunting on Foot
Fuzzing applied
Problems related to Fuzzing
Some Thoughts about the Future of Bug Hunting