detecting vulnerabilities in web applications and desktop applications
Question
Sorry, this is not a question about a specific programming language, but i need opinion on this. Please don't vote for close.
where do I learn about detecting vulnerabilities from the scratch?
I know HTML, CSS, JS, Java, and C.
So, where do I learn about detecting vulnerabilities in applications written in these prog. languages?
I heard of contests where "hackers" detect vulnerabilities in web browsers in mere seconds. I know experience is the main key here! but what other factors I can grow in myself to be one like this?
PS: Don't see "google", I`m looking for recommendation!
2 answers
solution1
2 2010-11-27 20:15:56
A good start is the OWASP top 10 list:
Category: OWASP Top Ten Project
The huge majority of any web security vulnerabilities will fall into these categories.
solution2
2 2010-11-27 21:10:39
For starters CSS, HTML and JS don't really contributed to the insecurity of your application. There is DOM Based XSS , but that is very uncommon. By contrast many vulnerabilities are found in Java and C each year.
There are 2 major methodologies for finding vulnerabilities in code. There is static code analysis using tools like grep or Rats or more advanced tools like the ones provided by Fortify and Coverity.
The other method is by fuzzing application. For looking for problems like buffer overflows in non-web applications Peach is an excellent testing platform. For testing web applications for common vulnerabilities like XSS and SQL Injection then you should use tools like Wapiti(open source) or Sitewatch (free service).
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.