Forum Thread: Null Byte Articles on Fixing Vulnerabilities?

Before anyone comments some snide remark like, "There's a search bar for a reason", I have checked Null Byte for anything pertaining to fixing vulnerabilities. However everything I find seems to be about creating these exploits or exploiting them.

I understand the importance of knowing how to launch attacks, but let's say I want to be able to help fortify my website or such. Can someone link me to other sites detailing how to fix vulnerabilities?

11 Responses

There's not one website that gives you everything, but if you use Google Search you will probably find what you need... most of us will be able to help you patch whatever vulnerabilities you have or want to patch, but you might also find that the tutorials here that explain how to exploit huge vulnerabilities will include a short description of how to patch it. Cx2H has an entire article on identifying and patching Shellshock.

Thank you! I will look for it.

Jack:

In most cases, fixing a vulnerability simply means applying the patch provided by the developer.

Which means that if you are using Linux, you can probably just apt-get update && apt-get dist-upgrade. For Windows... well, that means rebooting five times hoping the update doesn't corrupt your hard disk.

I use a Windows OS (with Linux in VM). I was curious if there were any ways to patch it besides downloading a developer patch.

Build your own...? I'm trying to figure out your level of experience.

I am a novice who lacks the knowledge at the moment for creating my own. I simply was looking for articles to save for reference when I am able to do such work on my own.

Well, then first thing is you need to learn coding, and I recommend Coding Ground for that. They have the largest library of tutorials in one place. Learn, and apply that knowledge. It seems that you are new, so I think you are underestimating the difficulty of writing a patch.

This is actually a very good question, but your kinda all over the place and I don't think that you mean to be. You started by asking how to fix a vulnerability. As OTW stated the most practical way to do that is updates. Then you say fortifying a web server. Then you state you computer running virtual machines. These are all completely different. Are you looking to secure something specific or are you trying to learn the best practices of security in general (though even that leads to so many more questions of what your looking to secure)?

The examples were hypothetical, since various people I know have websites might be vulnerable. I understand the basics of downloading patches but lack the expertise to make my own. My question was just to see if there was a step by step guide for patching vulnerabilities by yourself. I am sorry for the confusion, I'm new here and my thoughts are scattered oftentimes.

Just to clarify, I only tell people to use the search function when there are already articles related to the question they're asking. It's blatantly obvious when people haven't used the search function.

Also, Code Academy is a decent resource to check out. I've always found interactive learning to be the most effective. Writing your own patch will come with how much you understand the coding language you're reading, as well as coding in general.

The Linux Documentation Project and other Linux sites are also good resources if you're looking to delve into open-source software.

If you make any other nice findings, don't hesitate to share with the rest of us. I always love finding new resources.

EDIT: Also, good luck in your search.

ghost_

Share Your Thoughts

  • Hot
  • Active