Testing Techniques to Find the Sin

The best way to find "it's not really a file" and directory traversal bugs is to throw unexpected filenames at the application and see how it behaves. Try some of the following:

  • AUX

  • CON

  • LPT1

  • PRN.TXT

  • ..\..\AUX

  • /dev/null

  • /dev/random

  • /dev/urandom

  • ../../dev/random

  • \\servername\c$

  • \\servername\ipc$

See if the application hangs or crashes; if it does, you may have hit code that anticipated real, honest-to-goodness files! Also, see if you can access files you shouldn't be able to access, such as /etc/passwd on a Unix box.
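As an added example (not code from the book), here is the defender's side of the same test: a Python filename validator that rejects the probe names listed above, so the list doubles as a regression test for the input check. The base directory path is a constructed placeholder.

```python
import os
import re
from typing import Optional

# Windows reserved device names. "PRN.TXT" still opens the printer device,
# so the check applies to the stem of the last path component, ignoring case.
RESERVED = {"CON", "PRN", "AUX", "NUL",
            *(f"COM{i}" for i in range(1, 10)),
            *(f"LPT{i}" for i in range(1, 10))}

# The probe names from the list above (same values, copied here so the
# module runs stand-alone).
PROBES = [
    "AUX", "CON", "LPT1", "PRN.TXT", r"..\..\AUX", "/dev/null", "/dev/random",
    "/dev/urandom", "../../dev/random", r"\\servername\c$", r"\\servername\ipc$",
]

def reject_reason(name: str, base_dir: str = "/srv/app/uploads") -> Optional[str]:
    """Return why `name` is unsafe as a user-supplied relative filename under
    base_dir (a constructed placeholder), or None if it may be used."""
    if not name or "\x00" in name:
        return "empty or contains NUL"
    # UNC / network share names: \\server\share or //server/share.
    if name.startswith(("\\\\", "//")):
        return "UNC path"
    # Absolute paths, including drive-letter forms such as C:\...
    if name.startswith(("/", "\\")) or re.match(r"^[A-Za-z]:", name):
        return "absolute path"
    # Split on either separator so ..\..\ is treated the same as ../../
    parts = [p for p in re.split(r"[\\/]+", name) if p]
    if any(p == ".." for p in parts):
        return "parent-directory traversal"
    stem = parts[-1].split(".")[0].upper() if parts else ""
    if stem in RESERVED:
        return f"reserved device name {stem}"
    # Belt and braces: confirm the joined path still lies inside base_dir.
    full = os.path.normpath(os.path.join(base_dir, *parts))
    if os.path.commonpath([os.path.normpath(base_dir), full]) != os.path.normpath(base_dir):
        return "escapes base directory"
    return None

def run_probes(names=PROBES) -> dict:
    """Map each probe to its rejection reason; a None value means it slipped through."""
    return {n: reject_reason(n) for n in names}

if __name__ == "__main__":
    for probe, reason in run_probes().items():
        print(f"{probe!r:28} -> {reason}")
```

Every probe should come back with a non-None reason; a None entry marks a name the validator would have handed to the filesystem.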

As with a number of other sins in this book, the best way to find the issues is through a good security code review.



19 Deadly Sins of Software Security. Programming Flaws and How to Fix Them