Dave Gill

Starting out

When I applied for my Master's I assumed my Bachelor's degree would be sufficient for entry but no... I did not complete my honours so just had an Ordinary degree. So I had to jump through a few more hurdles to get on the course. That did not bother me too much at all as it did give some indication of academic rigour or a certain level. It was a bit of a pain but understandable.

Once I had been accepted for the course, which seemed to take an age, I started to get concerned that I would not be up to the challenge of a master's course and the self-doubt started. This was made worse by the fact that I took a look at the first module, which seemed to be very technical indeed... But having started it, and now halfway through that module, I am not finding it so difficult on a technical level but do struggle to remember everything I should.

So far I have learned all about fuzzing applications to find vulnerabilities and static analysis of code to identify possible areas of interest for the fuzz testing. In doing so I came across a very interesting web application framework for writing web apps in C. I really like coding in C so I did get a little sidetracked playing with the framework rather than fuzz testing it. After doing so I can heartily recommend it. It is called KORE and is available here. What's more, the lead developer Joris seems a decent chap and was very receptive when I told him I was fuzz testing his framework. An even better recommendation for the framework is the fact that in over a week of fuzz testing I was not able to find a single vulnerability in the framework.

Which brings me to the fuzzers I used. The first was SPIKE, which I was not able to find any real documentation or references for but is supplied in Kali Linux. Spike is very easy to learn and quick to run but not so easy to get a really detailed and thorough scan going without some prolonged learning. The second fuzzer I went for was PeachFuzzer Community Edition. It is written using the .NET framework but getting it working on Linux was trivial. It has a steeper learning curve than SPIKE but the website contains a few tutorials to get you started and the documentation is thorough as long as you persist in your digging.