640Bug Hunting

How to find Security related Bugs in Software for Beginners

Referenten
Frank Becker
Sprache englisch
Vortragsdokumentation
http://www.fm-berger.de/20C3
Raum Workshop
Zeit Tag 3, 11:00 Uhr
Dauer 1 Stunde
Links
[1] http://www.immunitysec.com/spikeproxy.html
[2] http://www.immunitysec.com/spike.html
[3] http://www.simphalempin.com/dev/tcpreen/
[4] http://www.owasp.org/development/webscarab

Beschreibung

We start with the simple question ìWhat is Security?î and we will also speak about types of security related bugs. Furthermore I will show typical approaches like black-, gray- and white-box testing involved during bug hunting.

The second part of my lecture will be mostly focused on finding bugs in closed source and networked software. The introduction of some nice open source tools which are helpful while trying to find bugs manually will be followed by issues and problems of fuzzing. Finally I will talk about the future of bug hunting.

To make the lecture demonstrative examples for the protocols HTTP and SMTP are given along with some home-brewed Perl scripts.

Agenda:

What is Security?

Types of Security related Bugs

Methods used to find Bugs

Hunting on Foot

Fuzzing applied

Problems related to Fuzzing

Some Thoughts about the Future of Bug Hunting

Archived page - Impressum/Datenschutz