From: FocusHacks (focushacks@gmail.com)
Date: Sat Jan 28 2006 - 23:19:52 EST
I'd say 100% of pen testers use exploits found on mailing lists and
security sites, and I would be willing to bet a good 25% of them are
getting exploits from friends and other limited-distribution channels
on top of using published exploits.
Honestly I'd bet the number of pen-testers actively finding holes to
exploit is probably in the single-digit percentages. There may be 25%
who take an advisory and reverse engineer the app to code an exploit
for it, or re-vamp some POC code to be useable in the field, but I
doubt 25% are actually finding the bugs to begin with.
On 1/26/06, yawgmoth7 <yawgmoth7@gmail.com> wrote:
> I've always wondered about this, I do not know why. But just the
> different ways that pen-testers get their exploits/vullnerabilities. I
> think it would go something like this:
> 50% From online security sites
> 25% Find their own
> 25% From their friends
>
> Have I left any out? If so, go ahead and add it, this is just about
> what I think it would be. This has always interesting me for some
> reason.
>
> See ya
> --
> gurusnetwork.org
> Gurus'Network - Are you a guru?
>
> ------------------------------------------------------------------------------
> Audit your website security with Acunetix Web Vulnerability Scanner:
>
> Hackers are concentrating their efforts on attacking applications on your
> website. Up to 75% of cyber attacks are launched on shopping carts, forms,
> login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
> futile against web application hacking. Check your website for vulnerabilities
> to SQL injection, Cross site scripting and other web attacks before hackers do!
> Download Trial at:
>
> http://www.securityfocus.com/sponsor/pen-test_050831
> -------------------------------------------------------------------------------
>
>
-- http://www.FocusHacks.com - The Ford Focus Modification Site! ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:25 EDT