Subscribe via feed.

Breaking software easier than you think

Posted by deepquest on April 15, 2005 – 5:29 am

One reason software security vulnerabilities are so tough to fix is because they are so hard to find. Unlike other bugs that become apparent when an application acts up, security holes tend to hide from normal view. And that’s just how the hacker underground likes it.

“If we want to master finding, fixing and remediating security vulnerabilities, it’s these side behaviors we have to understand,” explained computer scientist James A. Whittaker, co-author of How to Break Software Security, during Wednesday’s Secure Software Summit in San Diego. The three-day conference is tailored to those who manage and create software applications, which now are estimated to account for 75% of hacker attacks.

Much of the event focused on ways to better build apps and then audit them for holes that hackers can exploit. But speakers like Whittaker, who works at both the Florida Institute of Technology and application security provider Security Innovations, also urged developers to understand their adversaries. Hackers, he said, tend to be one-trick ponies. “They’ve perfected their method of getting into your software and that’s it? All they need to get into your network is one hole,” he said.

have the same kinds of pressures we have. All they have to worry about is one thing — and that’s getting into your computer.” In fact, Whittaker added, studying hackers can be depressing. They tend to have limited C programming and assembly skills, but they can access thousands of free hacking tools through Web sites that also offer tips and tutorials. It’s that information sharing that makes the hacking community so formidable.

more from [url=http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1079804,00.html] Tech Target[/url]


This post is under “Security” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.