Hack Proofing Your Network, Second Edition

There are several ways to approach any problem, and which approach you choose usually depends on the resources available to you and the methodology with which you are most comfortable. In the case of vulnerability research challenges, the resources may be code, time, or tools.
In some cases, you may be dealing with a software program for which the source code is readily available. For many people, reading the source code may be the easiest way to determine whether or not there are vulnerabilities; many vulnerabilities are tied to particular language functions or ways of calling external functions. The source code often gives the clearest picture of how this happens in a given program.
Another method of determining how a program works, and therefore whether there are holes, is reverse engineering, which may require special tools, such as disassemblers and debuggers. Since much is lost in the translation from source code to object code, it can often be more difficult to determine exactly what is happening in reverse-engineered code.
The last method is black box testing. Black box testing allows only for the manipulation of the inputs and the viewing of a given system's outputs, without the internals being known. In some cases (such as attempting to penetrate a remote system), black box testing may be the only method initially available. In other cases, it may be used to help choose where to focus further efforts.
In this chapter, we cover the various methodologies used...