VDA Labs


Vulnerability Discovery and Analysis (VDA) Labs was designed to find bugs and help advance the state of software security.

Introduction

There are three main techniques used to find bugs in software: source code audits, reverse engineering, and fuzzing.  Source code auditors scan code for programmer mistakes.  Reverse engineers, working with only the compiled bytes of a program, reverse the internal operations in search of weaknesses.  Fuzzing, or robustness testing, involves executing and monitoring target applications while semi-valid data is delivered to the interfaces under test.  The combination of these exposed interfaces is known as the attack surface.  (Watch: A 2006 DEFCON Talk about Fuzzing)


The appropriate method for auditing an application's robustness depends on the audit time frame, source code availability, auditor experience, the original programming language, and more.

What's New?

- AppSec A-Z: Reverse Engineering, Source Code Auditing, Fuzzing, and Exploitation.  Presented at Black Hat and ToorCon 2008.

- Our fuzzing book by DeMott, Takanen, and Miller has arrived!

- The Evolutionary Fuzzing System was released.  Mr. DeMott spoke about EFS at Black Hat and DEFCON this year.


- Charlie Miller also spoke on Fuzzing at DEFCON 15.  Hear his Talk.

- Quick Malware "toolkit" analysis released (here)

Copyright VDA Labs. All rights reserved.