[OWASP-Bangalore] OWASP-Bangalore Digest, Vol 22, Issue 9

Rajiv Vishwa rajivvishwa at gmail.com
Sat Sep 12 21:52:19 EDT 2009


Hi,

In case if I want to try this out, I would probably run this inside a VM.
Has anyone really tried this? If yes please explain.

Regards
*Rajiv*
Security Consultant


On Sat, Sep 12, 2009 at 9:30 PM, <owasp-bangalore-request at lists.owasp.org>wrote:

> Send OWASP-Bangalore mailing list submissions to
>        owasp-bangalore at lists.owasp.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
>        https://lists.owasp.org/mailman/listinfo/owasp-bangalore
> or, via email, send a message with subject or body 'help' to
>        owasp-bangalore-request at lists.owasp.org
>
> You can reach the person managing the list at
>        owasp-bangalore-owner at lists.owasp.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of OWASP-Bangalore digest..."
>
>
> Today's Topics:
>
>   1. exploitable Crash Analyzer - Open Source Security Tool from
>      Microsoft (PraKash)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Fri, 11 Sep 2009 21:12:57 +0530
> From: PraKash <prakash2757 at gmail.com>
> Subject: [OWASP-Bangalore] exploitable Crash Analyzer - Open Source
>        Security        Tool from Microsoft
> To: null-co-in at googlegroups.com, owasp-bangalore at lists.owasp.org
> Message-ID:
>        <cf2478a20909110842l183ff6e1q18cd7f70acdae9d7 at mail.gmail.com>
> Content-Type: text/plain; charset="windows-1252"
>
> Microsoft released an open-source program designed to streamline the
> labor-intensive process of identifying security vulnerabilities in software
> while it?s still under development.
>
>
> It provides automated crash analysis and security risk assessment. This
> tool
> was created by the Microsoft Security Engineering Center (MSEC) Security
> Science Team. exploitable Crash Analyzer (pronounced ?bang exploitable
> crash
> analyzer?) combs through bugs that cause a program to seize up, and
> assesses
> the likelihood of them being exploited by attackers. It?s a Windows
> debugger
> extension that?s used during fuzz testing, when testers test the stability
> and security of an application by throwing unexpected data at it.
>
>
>
> The tool creates hashes to ensure each crash is unique then rates them
> according to how exploitable it is - Exploitable, Probably Exploitable,
> Probably Not Exploitable or Unknown.
>
>
> Download !exploitable Crash Analyzer
> http://msecdbg.codeplex.com/Release/ProjectReleases.aspx?ReleaseId=28935
>
>
>
> - Prakash
>
>
> <http://www.linkedin.com/in/prakashp>
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL:
> https://lists.owasp.org/pipermail/owasp-bangalore/attachments/20090911/9ce1cacb/attachment-0001.html
>
> ------------------------------
>
> _______________________________________________
> OWASP-Bangalore mailing list
> OWASP-Bangalore at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-bangalore
>
>
> End of OWASP-Bangalore Digest, Vol 22, Issue 9
> **********************************************
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-bangalore/attachments/20090913/42e48e5b/attachment.html 


More information about the OWASP-Bangalore mailing list