Hunting Security Bugs. Bryan Jeffries, Lawrence Landauer, Tom Gallagher

ISBN: 073562187X,9780735621879 | 592 pages | 15 Mb


Publisher: Microsoft Press




Some sites actively encourage hunting for bugs. Alex set about tracking down any bug he could with 90-minute sessions each day. Hunting Security Bugs Finding security flaws is now a fundamental development task, yet there has not been adequate documentation of the process used to find security bugs - until now. # re: What tech book are you reading right now? Instead, the bug Alex found was a valid critical security flaw buried in the Firefox web browser. Chap 1. General approach: 1. Thoroughly understand what you are testing: you need to understand how the target program works, then prove through practice whether your ideas are correct. 2. Think maliciously about the target. 3. Put the malicious ideas into action. 4. Learn new attack methods. Chap 2. Using threat models for security testing. So this post will look at all three. Before we start, I must re-iterate: we are security professionals here, not in the act of attempting, whether or not the site in question has given you permission. Author: Tobias Klein ISBN: 978-1-59327-385-9 Published: November. 2 - Hunting Security Bugs - by Tom Gallagher, Bryan Jeffries and Lawrence Landauer. Getting Into Information Security Intelligence Gathering: A BlueHat v10 Retrospective from Speakers Ian Iftach Amit and Fyodor Yarochkin. I recently read "Hunting Security Bugs" by Gallagher, Landauer, and Jeffries; it provides some really great information on test strategies, though it's a bit Windows-centric. Java's secure random will not accept /dev/urandom as source for random numbers. Alex is a bug hunter, but the bugs he's uncovering are unlikely to end up in any entomological reference book. A Guided Tour Through the Wilds of Software Security. This team is primarily focused on penetration testing, writing security testing tools, and educating program managers, developers, and testers about security issues. Once upon a time there were bounty hunters running in the wild to nab those 'Most Wanted' criminals and walk away with big bucks. Facebook is offering 'bug bounties' to hackers in exchange for finding security bugs in the social networking giant's various systems.
This spun off into two further questions - What security measures to have before openly allowing security researchers to hack your site and What security concerns should one bear in mind when hacking open-invitation websites? I describe how I hunted, found and fixed a bug which was causing problems in the development virtual machine of the RapidFTR project.