Jump to content

User:Tqbf/Vulnerability Research

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by Tqbf (talk | contribs) at 05:28, 13 November 2007 (→Vulnerabilities). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

(diff) ← Previous revision | Latest revision (diff) | Newer revision → (diff)

In computer science, vulnerability research refers to...

Concepts

Vulnerabilities

A vulnerability is an exploitable flaw in a system

Vulnerabilities occur in hardware, software, and firmware

Vulnerabilities have different impacts --- CIA triad and AAA protocol are two metrics

The canonical vulnerabilities are remote code execution, SQL injection, and XSS.

Finding vulnerabilities

Penetration testing

Source code review

Reverse engineering

Fuzzing

Advisories

Industry adoption

In-house vulnerability research

Microsoft

Cisco

Vulnerability research at security vendors

ISS/IBM

MCAF

Industry venues

Black Hat

Uninformed

WOOT

CERT

Bugtraq

Societal impact

Voting

DRM

Parallels in antivirus

Writing virus signatures not the same thing as VR.

Parallels in cryptography

Cryptanalysis is most of cryptography.

Controversy

Full Disclosure

Vulnerability markets

Legal issues

Web application testing

You don't own the app, so you can get busted for finding vulns.

End-user license agreements

Nondisclosure agreements

Trade secret law

Copyright

Specific laws

That Michigan law that bans sniffers

Notable events

The Geer debacle

The Lynn debacle

The Blackboard debacle

Retrieved from "https://en.wikipedia.org/w/index.php?title=User:Tqbf/Vulnerability_Research&oldid=171141107"