Vulnerabilities Research's blog
This post is the first in a short series about whitebox vulnerability research. For our purposes, whitebox refers to situations where vulnerabilities are identified by reviewing supplied architecture, system design, documentation or source code, as opposed to blackbox work, where only the running system is available.
As pointed out in The Art of Software Security Assessment:
For the most part, vulnerability research is a very technical, in-depth subject.
Before we get into the fun "guts of it", however, there is one soft subject we must address first: what is desirable to know and understand up front.
We call this a soft subject because, like the ethics of research, there is a wide range of opinions about what prerequisite knowledge is required to get started in finding vulnerabilities. Given the breadth of the subject, it is our opinion that no single answer is right.
To keep things simple, we have compiled a short list of what to focus on, drawn from our own and others' experience. The list is far from complete, but it should give you some guidance on whether or not you're headed in the right direction.
First things first...
The purpose of this track is to develop your skills in being able to identify and exploit vulnerabilities.
It may sound odd, but when doing this for a living there are a few ethical issues that need to be considered.
Not too long ago, finding bugs and writing exploits was simply a hobby for many enthusiastic researchers. With the rapid growth of the internet (and therefore of the number of internet-facing systems), demand for solid vulnerability research and exploit code has grown significantly over the last ten years.
It's hard to explain to people that you get paid to hunt and exploit vulnerabilities for a living. People generally associate work with building or supporting things; vulnerability research is quite the opposite, it is all about breaking things. So, when you explain to someone that you're paid to come up with unique and innovative ways to break into systems, the conversation generally goes something like this: