1. Vulnerability Discovery Methodologies

“Will the highways of the Internet become more few?”

George W. Bush, Concord, N.H., January 29, 2000

Ask any accomplished security researcher how he discovers vulnerabilities and you’re likely to get a multitude of answers. Why? There are a variety of approaches, each with its own advantages and disadvantages. No one approach is correct and no single method can uncover all possible vulnerabilities for a given target. At a high level, there are three primary approaches to discovering security vulnerabilities: white box, black box, and gray box testing. The differences among these approaches can be determined by the resources to which you, as the tester, have access. At one extreme, the white ...

Get Fuzzing: Brute Force Vulnerability Discovery now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.