VDA Labs

Vulnerability Discovery and Analysis (VDA) Labs was designed to find bugs and help advance the state of software security.

Introduction

There are three main techniques used to find bugs in software: source code audits, reverse engineering, and fuzzing.  Source code auditors scan code for programmer mistakes.  Reverse engineers, working with only the compiled bytes of a program, reverse the internal operations in search of weaknesses.  Fuzzing, or robustness testing, involves executing and monitoring target applications while semi-valid data is delivered to the interfaces under test.  The combination of these exposed interfaces is known as the attack surface.  (Watch: A 2006 DEFCON Talk about Fuzzing)


The appropriate method for auditing an application's robustness depends on the audit time frame, source code availability, auditor experience, the original programming language, and more.

What's New?

- Starting some interesting work on Execution Mining

- The complete syllabus for the AppSec course

- Released QuickTime hacking talk and samples!

- I'll be teaching the professional AppSec training course in 2009 at ShakaCon, Black Hat, and ToorCon!

- A taste of the professional training class I've been working on.  Presented at ToorConX

- Our fuzzing book by DeMott, Takanen, and Miller has arrived!

- The Evolutionary Fuzzing System was released.  Mr. DeMott spoke about EFS at Black Hat and DEFCON in 2007.

Copyright VDA Labs. All rights reserved.