
Fuzz testing?: msg#00013

Subject: Fuzz testing?
  I'm thinking that it would be nice to get more direction in the
 auditing, as that's something that has been lacking up till now.

  In some senses it's useful to have people do their own thing, in
 other ways it makes the organisation feel a little sloppy.

  Javier has been doing great work with temporary file accesses,
 and Ulf has done a lot of work on file unpackers/unarchivers.

  I think that there are a couple of areas that could be approached
 in a directed fashion:

        * Command line overflows, via fuzz testing.
        * Rebuilding the archive with the perl scanning modules distributed here.
        * Looking at CGI parameter passing.
        * SQL injection attacks, PHP especially.
        * Insecure execution via popen/system.

  I'm thinking that right now the first one should be almost painless
 to test against given enough time and enough disk space.  There exist
 several tools to automatically invoke applications with "random" 
 arguments and look for crashes.

  The other ones could be tested for fairly easily too, albeit doing
 all the programs would be a considerable effort.

  Does anybody want to volunteer to work with me in a specific area,
 or have any suggestions for new things to look at?

Steve
--
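The first item on Steve's list, automatically invoking a program with "random" arguments and watching for crashes, as an added example that is not part of the original message or of any tool the list used. It is a small Python command-line argument fuzzer: it feeds a target oversized runs, format strings, shell metacharacters, long option-like strings and high bytes, and records every run that dies from a signal or hangs. The target it runs against here is a constructed stand-in (a Python one-liner that aborts on any argument of 8192 bytes or more, standing in for a real overflow); the assumptions are a POSIX system, where a child killed by a signal reports a negative return code, and an argument ceiling below Linux's per-argument limit so execve itself never fails.

```python
"""Added example: a tiny command-line argument fuzzer (not from the original post).

Runs a target repeatedly with oversized or malformed single arguments and keeps
every run that dies from a signal (SIGSEGV, SIGABRT, ...) or hangs.  Assumes
POSIX: subprocess reports death-by-signal as a negative return code.
"""
import random
import signal
import subprocess
import sys

MAX_ARG = 65536  # assumption: stays under Linux MAX_ARG_STRLEN (131072) so execve never rejects it
META = b"/.;|&$`\\'\""


def make_argument(rng):
    """Return (shape, argument_bytes) drawn from a few classic overflow-hunting shapes."""
    shape = rng.choice(["long-run", "format", "metachars", "long-option", "high-bytes"])
    if shape == "long-run":
        arg = b"A" * rng.choice([1024, 4096, 8192, 16384, MAX_ARG])
    elif shape == "format":
        arg = b"%s%n%x" * rng.randint(1, 64)
    elif shape == "metachars":
        arg = bytes(rng.choice(META) for _ in range(rng.randint(1, 512)))
    elif shape == "long-option":
        arg = b"-" + b"A" * rng.randint(1, 8192)   # looks like an option to the parser
    else:
        arg = b"\xff" * rng.randint(1, 4096)
    return shape, arg


def crash_signal(returncode):
    """Signal number if the child was killed by a signal, else None (POSIX convention)."""
    return -returncode if returncode < 0 else None


def run_once(cmd, arg, timeout=5.0):
    """Run cmd + [arg]; return (status, detail), status in 'ok', 'error', 'crash', 'timeout'."""
    try:
        proc = subprocess.run(list(cmd) + [arg], capture_output=True, timeout=timeout)
    except subprocess.TimeoutExpired:
        return "timeout", None
    sig = crash_signal(proc.returncode)
    if sig is not None:
        try:
            name = signal.Signals(sig).name
        except ValueError:          # e.g. a real-time signal with no enum member
            name = "SIG%d" % sig
        return "crash", name
    return ("ok" if proc.returncode == 0 else "error"), proc.returncode


def fuzz(cmd, iterations=100, seed=1):
    """Fuzz cmd; return the runs that crashed or hung, with enough detail to reproduce them."""
    rng = random.Random(seed)       # seeded so a run can be replayed exactly
    findings = []
    for i in range(iterations):
        shape, arg = make_argument(rng)
        status, detail = run_once(cmd, arg)
        if status in ("crash", "timeout"):
            findings.append({"iteration": i, "shape": shape, "arg_len": len(arg),
                             "status": status, "detail": detail})
    return findings


# Constructed stand-in for a real target: aborts (SIGABRT) on an argument of 8192+ chars.
DEMO_TARGET = [sys.executable, "-c",
               "import os, sys; os.abort() if len(sys.argv[1]) >= 8192 else sys.exit(0)"]

if __name__ == "__main__":
    for finding in fuzz(DEMO_TARGET, iterations=50):
        print(finding)
```

To point it at a real program, replace `DEMO_TARGET` with something like `["/usr/bin/some-tool"]` and raise the iteration count; each finding records the shape, length and seed-driven iteration, so the exact argument can be regenerated and the crash reproduced under a debugger rather than chased from a one-off core file.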