This document provides an overview of zero-day vulnerabilities and techniques for discovering them, including source code auditing and fuzzing. It discusses identifying entry points, input validations, and vulnerable functions by analyzing source code. Fuzzing is introduced as providing invalid or unexpected data to test for crashes or failures. Common fuzzing methods and the fuzzing lifecycle are outlined. Specific tools for source code auditing like RIPS and fuzzing like JBroFuzz are also mentioned.

1. H ow to
Day erab ilities
Vuln

2. Meet ...
Imran & Raghu

3. They work as ...
Web application security engineers

4. They train people in ...

5. They also contribute to...
Null Open Security Community

6. And to ...
Open Web Application Security Project

7. OK, Lets start

8. Before we do that ..

9. The following presentation can cause
severe exposure to high octane gyan
(knowledge) and could leave
participants exhausted with wild ideas

10. Also You may end up in ...

12. With lots of ...

14. and

16. And of course, Knowledge ...

17. begin
Ok ,Lets

18. What is Zero day ?
Zero-day attacks occur during the
vulnerability window that exists in the
time between when a vulnerability is first
exploited and when software developers
start to develop a counter to that threat
Source : wikipedia

19. Vulnerabilities in
famous applications

20. Vulns in Drupal

21. Vulns in Wordpress

22. Vulns in Joomla

23. How its generally done ?
Target : 0 day vulnerability
Fuzzin
g
diting
ode Au
Source c

24. Methodology

25. Know your enemy

26. Set up the Attacking
environment

27. Study the architecture

28. Source Code Auditing

29. Requirements

30. Lots a
n d lots
of pat
ience

31. Attitude of

32. en ;)
an dP
book
No te

33. Source code Auditing

Analyze the entry points

Identify vulnerable Functions

Analyze Input Validations.

Cross check the findings

34. The entry points

35. More ...

36. Few more ...

37. Exec call

38. RIPS output

40. What is Fuzzing ?
Fuzzing is a software testing technique, often automated or semi-
automated, that involves providing invalid, unexpected, or
random data to the inputs of a computer program. The program
is then monitored for exceptions such as crashes, or failing built-
in code assertions or for finding potential memory leaks. Fuzzing
is commonly used to test for security problems in software or
computer systems.

41. What exactly it is ?
1. No Rules for fuzzing
2. No guarantee for fuzzing

42. Fuzzing Methods
1. Sending random data
2. Manual protocol mutation
3. Bruteforce testing
4. Automatic protocol generation
testing

43. Fuzzing life cycle
1. To find bug
2. To find 0 day/write exploit
3. Fuzzer death

44. Fuzzing process
1. Identify target
2. Identify inputs
3. Generate fuzz data
4. Execute fuzz data
5. Monitor for exceptions
6. Determine exploitability

45. Fuzzing Payloads

Find the entry points

SQL Injection

XSS

CSRF

Command Injection

Click Jacking with Drag and drop

46. JBroFuzz

47. Tools for Source code
auditing

The mighty grep

RIPS

RATS

48. Tools for Fuzzing
JBroFuzz
Burp Suite
WebScarab

49. Further Reading
[1]. OWASP Testing Guide
[2]. OWASP Development Guide
[3]. OWASP.org

50. So you know now
* what is a zero day ?
* what is the methodology used ?
* Information gathering of the application
or product
* Discovered or previous vulnerabilities of
product
* Study the architecture of product

51. * Identify the input points
* Source code review
* Source code review (one demo) demo of
RIPS and grep
* Fuzzing
* Fuzzing (one demo) demo of JBroFuzz
* Tools used for code review and Fuzzing

52. Questions ?
हैकर हैक्या ? हैकर

53. Thanks
imran.mohammed@owasp.org
raghunath24@gmail.com