Vulnerabilities are discovered in a number of ways:

- Accidentally - for example when a third-party company develops a client with a bug in it, and discovers that this client bug activates a server bug which is exploitable
- Source code analysis - the owners of the source or someone else manually or automatically scan the source code for problems
- "Fuzzers" - these are programs which deliberately throw junk at network servers.

If a bug is suspected, it may then be tested by throwing the right kind of junk at the server with a debugger attached. A popular technique is to overflow a string with "ABCDEFGH..." and then wait for the crash, then examine the instruction pointer to find out which part of the alphabet it was in.

Slarty
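A worked illustration of the two steps the post describes (throw junk at the service, then use a non-repeating "alphabet" string to see which part of it ended up in the instruction pointer), as added example code that is not part of the original post. Everything is simulated in-process: `toy_handler` is a constructed model of a stack frame with a 64-byte buffer followed by a saved instruction pointer, and `SimulatedCrash` plays the role of the debugger reporting the register value. The pattern generator and `find_offset` follow the same idea as the well-known pattern-create/pattern-offset tools, but are written here from scratch.

```python
import random
import string

BUFFER_SIZE = 64      # constructed: size of the model's fixed buffer
SAVED_IP_SIZE = 8     # constructed: width of the saved instruction pointer slot
GOOD_RETURN = b"\x00\x00\x40\x00\x10\x00\x00\x00"  # constructed placeholder "sane" return value


class SimulatedCrash(Exception):
    """Stands in for the debugger stopping on a fault and showing the instruction pointer."""

    def __init__(self, ip):
        super().__init__("simulated crash, ip=%r" % ip)
        self.ip = ip


def toy_handler(data):
    """Model of a vulnerable handler: an unbounded copy into a 64-byte buffer that sits
    directly below the saved instruction pointer. Returns normally if the saved ip survived."""
    frame = bytearray(b"\x00" * BUFFER_SIZE + GOOD_RETURN)
    frame[:len(data)] = data          # no length check: bytes past 64 land on the saved ip
    saved_ip = bytes(frame[BUFFER_SIZE:BUFFER_SIZE + SAVED_IP_SIZE])
    if saved_ip != GOOD_RETURN:
        raise SimulatedCrash(saved_ip)
    return len(data)


def fuzz(target, rounds=200, max_len=256, seed=1):
    """Step one from the post: throw random junk of random length at the target and record
    the shortest input that crashed it (None if nothing crashed)."""
    rng = random.Random(seed)
    shortest = None
    for _ in range(rounds):
        n = rng.randint(1, max_len)
        junk = bytes(rng.getrandbits(8) for _ in range(n))
        try:
            target(junk)
        except SimulatedCrash:
            if shortest is None or n < shortest:
                shortest = n
    return shortest


def make_pattern(length):
    """Build a non-repeating pattern (Aa0Aa1Aa2...) so that any 8-byte window of it is unique.
    Supports up to 26*26*10*3 = 20280 bytes."""
    chunks = []
    for upper in string.ascii_uppercase:
        for lower in string.ascii_lowercase:
            for digit in string.digits:
                chunks.append(upper + lower + digit)
                if len(chunks) * 3 >= length:
                    return "".join(chunks)[:length].encode()
    raise ValueError("pattern longer than 20280 bytes is not unique")


def find_offset(pattern, value):
    """Locate the bytes seen in the register inside the pattern; -1 if they are not from it.
    The reversed form is also tried because a little-endian register load swaps byte order."""
    idx = pattern.find(value)
    if idx == -1:
        idx = pattern.find(value[::-1])
    return idx


def triage(target, pattern_len=256):
    """Step two from the post: send the alphabet pattern instead of junk, read the instruction
    pointer from the crash, and work out which offset of the input overwrote it."""
    pattern = make_pattern(pattern_len)
    try:
        target(pattern)
    except SimulatedCrash as crash:
        return find_offset(pattern, crash.ip)
    return None


if __name__ == "__main__":
    print("shortest crashing junk length:", fuzz(toy_handler))
    print("offset of saved ip in the input:", triage(toy_handler))
```

The fuzz loop only tells you *that* random input crashes the target; it is the pattern step that turns the register value into a precise offset, which is what a triage engineer needs to confirm the buffer size in the source and write the bounds check that fixes it.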