- Network Service Exploitation
- Client-Side Validation Bypass
- Design Flaws
- Coding Flaws
Many companies will have numerous agents and services listening on their network. These are typically set up on trust by the vendor or solutions provider, with the available security configurations selected as seems most appropriate. But this underscores a bigger question:
Do you trust the product to function according to its stated configuration?
The nature of research-oriented technical security is never to take any manufacturer’s claims on trust. Many products can compromised simply by sending the right unauthenticated string to a listening service, replacing a key file or pulling an encryption key from memory. Is the product robust, or is it playing dice in becoming a potential statistic on osvdb.org or exploit-db.com?