SBDA âsame bug, different appâ - Security Assessment

More documents

Recommendations

Info

Methodical vs Random? • Can A Structured Testing Routine Payout With Findings? Yes, as is proved on a regular basis • Can A Random Testing Process Payout With Findings? Yes, with luck, as is proved on a regular basis; but could take considerably longer in time and amount of effort • Are There Benefits To Using Both? Absolutely!! If you view the methodical approach as thinking within the square, then random is thinking outside the square. Thinking outside the square is what leads to new vectors that can then be placed into the spreadsheet. Thinking outside the square is where the interesting stuff is Copyright Security-Assessment.com 2005
Packet vs File • Both Are Data Both a packet and a file are methods of getting data to a target • File Data Is Still User Supplied Input This appears to be a common mistake “Why would somebody open a corrupt file?” • File Exploits Can Bypass Corporate Firewalls Vulnerabilities exploited through files that open automatically are especially dangerous • File Based Vulnerabilities Are Easier To Detect? Easier to automate the examination of files Possible to capture network traffic and examine packet dumps for strings that could be manipulated Copyright Security-Assessment.com 2005
Page 1 and 2: SBDA “same bug, different app”
Page 3 and 4: SBDA - What It’s Not • Not The
Page 5 and 6: SBDA - The Conception • I Wanted
Page 7 and 8: How Can This Be Applied To Research
Page 9 and 10: The SBDA Advantage • Gives Resear
Page 11: The AV / Archive SBDA (in reverse)
Page 15 and 16: Some Common Test Methods • Fuzzin
Page 17 and 18: SDBA Theory In Practice • Some Ex
Page 19 and 20: The Long Value SBDA • Length Valu
Page 21 and 22: The Long Import SBDA • Jan, 2005
Page 23 and 24: The URL Handler SBDA • Mar 09, 20
Page 25 and 26: SBDA To The Test • Quick File Bas
Page 27 and 28: 2 nd Generation Vulnerabilities •
Page 29 and 30: Wrap Up • Same Bug, Different App

SBDA âsame bug, different appâ - Security Assessment

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?

SBDA âsame bug, different appâ - Security Assessment