Checking vulnerabilities without access to the source code?

Question

tech291083 5 Junior Poster

17 Years Ago

hi,

we often hear that a certain software product has security holes as claimed by research firms/ hackers and security solutions vendors. i just came across one article as follows,
about sql server and oracle rdbms.

http://www.theinquirer.net/default.aspx?article=36000

as far as i understand, in order to know in what sense a software is having a security issue/hole/vulnerability, one needs to have access to the source code of the product in question. but many a time it looks like that source code is not made available to these companies/hackers etc and still they report the problems. how does this work? thanks.

4 Contributors
4 Replies
146 Views
9 Months Discussion Span
Latest Post 17 Years Ago Latest Post by matale

ithelp 757 Posting Virtuoso

17 Years Ago

It is not required, you can learn a lot from windows internals books,oracle handbook, you already have some opensource like postgresql/linux to play with and list down what all are the main bugs, try to attack a simmilar database/os using the knowledge you have gained

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

tech291083 5 Junior Poster · Answer 1 · 2007-03-01T16:29:55+00:00

It is not required, you can learn a lot from windows internals books,oracle handbook, you already have some opensource like postgresql/linux to play with and list down what all are the main bugs, try to attack a simmilar database/os using the knowledge you have gained

Brilliant, cheers mate. Appreciated.

Day Brown 0 Newbie Poster · Answer 2 · 2007-04-06T09:18:53+00:00

Part of the problem Microsoft has, is that programmers are not fools. Back in the 80's M$ stole software sure that they had enough lawyers to keep a programmer in court forever. SO- programmers began inserting "back doors" into their code, strings of assy bytes, that if called could call external subroutines you know as viruses.

So, Microsoft has stolen the code along with the back doors, and at this point, has no idea how much it has stolen.

matale 3 Light Poster · Answer 3 · 2007-09-21T17:28:18+00:00

Part of the problem Microsoft has, is that programmers are not fools. Back in the 80's M$ stole software sure that they had enough lawyers to keep a programmer in court forever. SO- programmers began inserting "back doors" into their code, strings of assy bytes, that if called could call external subroutines you know as viruses.
So, Microsoft has stolen the code along with the back doors, and at this point, has no idea how much it has stolen.

:icon_rolleyes: