[fuzzing] Hey all

Gadi Evron ge at linuxbox.org
Sat Mar 15 04:32:02 CDT 2008 

On Sat, 15 Mar 2008, eugaaa wrote:
> No proposals, however since the publishing of "Fuzzing" by Michael
> Sutton it has gained a lot of momentum. Wind in it's sails, if you will.
> Peachfuzz framework and subsequent conference talks. It has *slowly*
> leaked into bugtraq albeit in a hard to verify way. With the progressing
> pace of systems security I think pretty soon a subset of hackers will
> come to rely on fuzzing and fuzzing frameworks. Thoughts?

You speak of hacking frameworks, I speak of QA frameworks.
Different world.


>
> On Sat, 2008-03-15 at 04:06 -0500, Gadi Evron wrote:
>> On Sat, 15 Mar 2008, eugaaa wrote:
>>> Famous last words.
>>> ;-)
>>
>> Going with a proposal to SANS? :)
>>
>>>
>>> On Sat, 2008-03-15 at 04:02 -0500, Gadi Evron wrote:
>>>> On Sat, 15 Mar 2008, eugaaa wrote:
>>>>> On the other hand, an official certification would mean widespread
>>>>> acceptance as it would instantaneously have become an industry standard.
>>>>> A distasteful but effective idea :<
>>>>
>>>> QA Security Engineer.
>>>>
>>>> If fuzzing becomes wide-spread in corporate enviroments, you could expect
>>>> that. Vendors may also do that. I explored that option in my "corporate
>>>> fuzzing" lecture back in 23C3.
>>>>
>>>> Honestly though, I don't see any widespread acceptance.
>>>>
>>>>
>>>>>
>>>>> On Sat, 2008-03-15 at 02:36 +0100, Joxean Koret wrote:
>>>>>> Hi Sergio,
>>>>>>
>>>>>> With "research" I mean "vulnerability research". How to find
>>>>>> vulnerabilities, highlight error prone vulnerable areas, etc...
>>>>>>
>>>>>> I'm not a certifications fan so don't consider it a cert's defense, just
>>>>>> my opinion regarding "certification in fuzzing".
>>>>>>
>>>>>> Regards,
>>>>>> Joxean Koret
>>>>>>
>>>>>> On sáb, 2008-03-15 at 02:21 +0100, Sergio 'shadown' Alvarez wrote:
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> "certification in research"...sweet!....what about certifications for
>>>>>>> intelligence and IQ? ;)
>>>>>>>
>>>>>> _______________________________________________
>>>>>> fuzzing mailing list
>>>>>> fuzzing at whitestar.linuxbox.org
>>>>>> http://www.whitestar.linuxbox.org/mailman/listinfo/fuzzing
>>>>>
>>>>>
>>>
>>>
>
>

More information about the fuzzing mailing list