
How To Blackbox Test Almost Anything

Revision as of 06:57, 24 July 2009 by Dhruvsoi


Taking over your iPhone with an SMS message. Running code on an Oracle server using just a browser. Creating a PDF file that contains a hidden Trojan horse. Causing ATM machines to spit out unlimited cash. These types of security weaknesses are discovered all the time (those are just examples from the last few months), and it seems that just about any device that runs code can be hacked. But how are those hacks discovered? And most importantly: how can we detect weaknesses in our own products and applications so that we can fix them before the "bad guys" get there? Answer: by using the same tools the bad guys do.

This presentation will talk about performing security testing without needing the source code, whether we are testing software, hardware, appliances or remote services.

We will mainly discuss blackbox testing by "fuzzing" - the technique used by 'black hat' hackers and credited with uncovering most of the security holes that are discovered today.