Sla.ckers.org
Whether this is about ha.ckers.org, sla.ckers.org or some other project you are interested in or want to talk about, throw it in here to get feedback. 
Security by Extensive Exploitation?
Posted by: Spikeman
Date: January 29, 2007 03:03AM

Here's an interesting idea I had today: Code an open-source web site without security, for example a forum in PHP. Then provide the source, and have hackers (that's where you all come in) find exploits. Write a simple patch for every exploit that is found. Theoretically, in the end you would be left with a secure piece of software. Does this sound realistic?

A good way to implement this would be as a sort of "challenge". For example, give out points for each exploit found, and hackers could compete to see who could find the most/best exploits.

Re: Security by Extensive Exploitation?
Posted by: Anonymous User
Date: January 29, 2007 04:35AM

Hi!

If you want to have an insecure application for testing and practice, you can install yourself an instance of WebGoat:

http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project

If you really want to have a secure piece of software which is still maintainable after zounds of patches, I don't think that your idea is that good - the risk seems pretty high to me that the result is going to be some kind of BBOM...

http://en.wikipedia.org/wiki/Big_ball_of_mud

Greetings,
.mario

Re: Security by Extensive Exploitation?
Posted by: kuza55
Date: January 29, 2007 05:11AM

It might be a good idea if you can collaborate with either HTS or HBH or a similar community, to get them to add it as a challenge (because they have an existing user base which is willing to do this kind of work), but I don't think requiring (or even asking for people) to submit patches is a good idea for the following reasons:

Most people who are involved with such communities might be good at finding vulnerabilities, but they generally aren't too good at writing code, and even those that are probably don't have too much experience working in teams, and so they aren't that good at writing code that fits into the overall architecture of the software. Of course this is a mass generalisation, but I think it primarily holds true.

If you ask for a patch and it's not good quality, you face a dilemma on whether or not you will accept the patch, because if you accept the patch, then all of a sudden you have dodgy or out-of-place code in your project, but if you don't, you risk offending and alienating the user base which is auditing your code.

But as long as the developers realise that if people find no vulnerabilities it doesn't mean they are vulnerability free, it simply means the subset of users from those sites which looked over your code (and probably not very closely at that) didn't find anything.

You might even want to offer some kind of other reward (no matter how small or intangible - these people are generally doing it either to learn or for recognition, those seeking recognition would be happy with more of it) to those who find vulnerabilities so that people from those communities have more incentive to participate.

Re: Security by Extensive Exploitation?
Posted by: hackathology
Date: March 27, 2007 11:53AM

Acunetix has a very vulnerable website for testing purposes, I guess.

http://testphp.acunetix.com

http://hackathology.blogspot.com

Re: Security by Extensive Exploitation?
Date: March 27, 2007 12:58PM

So what keeps a hacker from finding a vuln and not disclosing it to you and waiting until you deploy your software on your site to exploit it?

Re: Security by Extensive Exploitation?
Posted by: nEUrOO
Date: March 27, 2007 01:09PM

Anurag also released one: http://www.attacklabs.com/shopcart/
If you want other sites:
- Watchfire's http://testfire.com/
- SPI's (don't remember the URL.. :/)

I also plan to release mine (have to configure a sandbox before...)

nEUrOO -- http://rgaucher.info -- http://twitter.com/rgaucher

Re: Security by Extensive Exploitation?
Posted by: hackathology
Date: March 28, 2007 01:16AM

The Acunetix site is the site I found, that's all; as for using the software, let me know if any of you uses it.

http://hackathology.blogspot.com

Re: Security by Extensive Exploitation?
Posted by: Anonymous User
Date: March 28, 2007 03:07AM

Nice - didn't know them urls. Thx!

Re: Security by Extensive Exploitation?
Posted by: FR3DC3RV
Date: March 28, 2007 02:40PM

I don't think that extensive exploitation is a good idea.
I'll always prefer writing secure code instead of writing insecure code and then telling someone to test it.

-------------------------------
http://fr3dc3rv.blogspot.com

Re: Security by Extensive Exploitation?
Posted by: blad3
Date: March 29, 2007 01:43AM

We have others also.
But be aware, there are a lot of stored XSS-es and stuff. It's scary in there! :P

http://testaspnet.acunetix.com/ - acublog
http://testasp.acunetix.com/ - acuforum



Edited 1 time(s). Last edit at 03/29/2007 01:44AM by blad3.

Re: Security by Extensive Exploitation?
Posted by: rsnake
Date: March 29, 2007 09:08PM

Hahah... hacking the hackers who hack the test site? Very cute.

- RSnake
Gotta love it. http://ha.ckers.org

Re: Security by Extensive Exploitation?
Posted by: hackathology
Date: March 30, 2007 03:45AM

hahahaahhah, so anyone tried on the sample acunetix site?

http://hackathology.blogspot.com

Re: Security by Extensive Exploitation?
Posted by: jungsonn
Date: March 31, 2007 12:15PM

Most commercial software vendors do this; they have code auditors. Most open source software does not, or not much. 'Cause it's basically free, and a commercial software builder can't afford to have holes in them (besides Micro$oft, that is).

It is an interesting idea, but I'd rather see programmers educate themselves.

Re: Security by Extensive Exploitation?
Posted by: hackathology
Date: March 31, 2007 11:26PM

Nuff said :)

http://hackathology.blogspot.com
