How are bugs found ?
Results 1 to 6 of 6

Thread: How are bugs found ?

  1. #1
    Junior Member
    Join Date
    May 2006
    Posts
    1

    How are bugs found ?

    Hello!

    Ok.. so I know my way arround with C, C++, Assembly on x86, Python, Perl, PHP and I'd like to get into security research. All of the above are self tought ..

    I'm not very sure how exactly people discover bugs. (I'm not talking about "accidents") Is there a "scientific" method (or "brute" method?) to find bugs in a programe? Assuming the source code is relatively big .. I suppose trying to read it and discover security bugs this way is pretty .. impossible in many cases ?

    So I suppose you can use Fuzzers .. [does anyone have a good resource for theory on this subject ?] ..

    How else can one discover security bugs ?
    /dev/null

  2. #2
    Senior since the 3 dot era
    Join Date
    Nov 2001
    Posts
    1,542
    The first and most easy but important method is 'usage'. Alfa and Beta testers (intenral and external) will discover much of the bugs in the software including certain security problems.

    Next extensive fuzz testing is a good idea, cause the fuzz is going to find errors a human tester does not. But still the human tester is essential.
    http://en.wikipedia.org/wiki/Fuzz_testing
    http://fuzz.sourceforge.net/

    aptesting
    http://www.aptest.com/resources.html

  3. #3
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,884
    Bleh, finding bugs is an art form.

    Look at how something is supposed to work, try all those options then think of wild ways to misuse the app and you'll shake out a healthy pile of em.

    The art comes into play based on the quality of your imagination of misuse.

    --TH13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  4. #4
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    OK, I now have a challenge as to try to not make this sound pompous or pedantic.

    A bug is an error in the functionality of a system. Basically, that bit doesn't work properly.

    Flaws, weaknesses, or whatever, arise where the system does work properly if it is used properly . However, if you make mistakes, it will let you, and screw up as a result.

    When these situations allow the system security to be compromised they are "vulnerabilities"

    Please remember that security problems are not "bugs" per se. A hell of a lot of them are simple design errors

  5. #5
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,914
    Originally posted here by nihil
    OK, I now have a challenge as to try to not make this sound pompous or pedantic.

    A bug is an error in the functionality of a system. Basically, that bit doesn't work properly.

    Flaws, weaknesses, or whatever, arise where the system does work properly if it is used properly . However, if you make mistakes, it will let you, and screw up as a result.

    When these situations allow the system security to be compromised they are "vulnerabilities"

    Please remember that security problems are not "bugs" per se. A hell of a lot of them are simple design errors
    I'm going to disagree... those definitions look like they came out of the Hackers Dictionary 3rd Edition from the early 90s... That's definatley how they were defined... but that definition hasn't been accurate in at least the last 5 years or so...

    define: bugs on google
    A computer bug is an error, flaw, mistake, failure, or fault in a computer program that prevents it from working correctly or produces an incorrect result. Bugs arise from mistakes and errors, made by people, in either a program's source code or its design. It is said that there are bugs in all useful computer programs, but well-written programs contain relatively few bugs, and these bugs typically do not prevent the program from performing its task. ...
    As to finding them... I concur with TH13 that it's an art...

    However, there's a lot of things that you can do..

    Reverse Engineering,
    Fuzzing
    Repetitive Use
    Improper Use
    Read the Source Code
    Read the Documentation
    Proper Use
    ....

    What you listed above is that you know how to program.... don't assume that the two go together... they don't... now if it was programming and coding an exploit... they go to together... There are many aspects to finding and accurately demonstrating a flaw / vuln... and even so they are quite often stumbled upon by accident... during other work.

    Peace
    HT
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  6. #6
    Junior Member
    Join Date
    May 2006
    Posts
    3

    Also algorithmically

    There are also projects (also Microsoft has that kind of research) that focus on finding bugs algorithmically. The source code is analysed and a special model is created. Then using heuristics the state space of this model is checked. All the possible combinations are verified and thus the bugs can be found.
    David Matousek, founder of Matousec - Transparent security

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •