Zero-Day Vulnerability Management
This is a webinar presented by Ari Takanen of Codenomicon. He basically takes the approach of fuzzing to find vulnerabilities yourself. I thought this was interesting, I don’t know how financially feasible it is to integrate fuzzing of all communication interfaces, and file formats in your enterprise – I do however think it has some merit in certain environments.
I put this video here because I know that people are always concerned about Zero-Day exploits being used by APT attackers. The concern that I have is that not all exploitation requires the presence of a vulnerability. If I email someone a trojaned PDF, then via that trojaned PDF I drop a key logger on the box and move around the network with stolen credentials – I don’t know how this addresses that.