Re: [Dailydave] Does Fuzzing really work?
From: Aviram Jenik (aviram beyondsecurity.com)
Date: Mon Sep 25 2006 - 16:02:17 CDT
On Monday 25 September 2006 23:21, Peter Winter-Smith wrote:
> knowing what I do of Dave I suspect was more of a
> joke/challenge than a definitive statement ;-)
:-)
>
> The research looks very interesting however, in those figures that you gave
> to what degree do you take account for subsets of data that you are testing
> (fields within a given portion within a given protocol, and the format of
> the data that they can accept), etc, and the valid common interesting bad
> values which can typically be used in such circumstances (i.e. data which
> conforms but has often been known to cause problems - strings of specific
> lengths, given sets of integer values which often cause problems, etc)?
>
Well, all of the above! If we just look for 'common bad values' we're not
doing much - not much better than running Nessus against the application.
With beSTORM we take apart the protocol description and try ALL OF IT. So the
number of scenarios I mentioned is for every FTP command, and for every
scenario we try all string lengths (up to megabytes) in several string
formats, and do some optimizations to speed things up.
FTP is quick to fuzz, download and see for yourself - I would love to see what
you think.
>
> -Peter
Regards,
Aviram Jenik
Beyond Security
(703) 286-7725 x504
http://www.BeyondSecurity.com
http://www.SecuriTeam.com
Looking for Unknown Vulnerabilities?
http://beyondsecurity.com/beSTORM
_______________________________________________
Dailydave mailing list
Dailydave lists.immunitysec.com
http://lists.immunitysec.com/mailman/listinfo/dailydave
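The contrast drawn in the reply above (a list of "common bad values" versus trying every command at every string length in several formats) can be illustrated with a small test-case enumerator. This is an added example, not part of the original message and not beSTORM's code; the command subset, the three string formats, the length list and the toy parser with its constructed defect are all assumptions made for the illustration.

```python
"""Added illustration: exhaustive command/format/length enumeration vs. a
'common bad values' list, run against a toy in-process parser (no network)."""
from itertools import product

# Constructed subset of RFC 959 commands that take one string argument.
COMMANDS = ["USER", "PASS", "CWD", "RETR", "STOR", "MKD", "DELE"]
# Assumption: three simple shapes stand in for "several string formats".
FORMATS = {
    "alpha": lambda n: "A" * n,
    "digits": lambda n: "7" * n,
    "path": lambda n: ("a/" * n)[:n],
}
COMMON_LENGTHS = [0, 1, 255, 256, 1024, 4096]  # constructed boundary list

def build_line(cmd, fmt, n):
    """One test case: a complete FTP command line as bytes."""
    return f"{cmd} {FORMATS[fmt](n)}\r\n".encode("ascii")

def cases(lengths):
    """Yield (cmd, fmt, length) for every combination, one at a time."""
    return product(COMMANDS, FORMATS, lengths)

def toy_parse(line):
    """Hypothetical parser under test with a constructed defect: a CWD
    path argument of exactly 300 bytes hits an unhandled branch."""
    cmd, _, arg = line.rstrip(b"\r\n").partition(b" ")
    if cmd == b"CWD" and b"/" in arg and len(arg) == 300:
        raise RuntimeError("constructed fault")
    return cmd, len(arg)

def failing_cases(lengths):
    """Run every case and collect the ones that make the parser raise."""
    failures = []
    for cmd, fmt, n in cases(lengths):
        try:
            toy_parse(build_line(cmd, fmt, n))
        except RuntimeError:
            failures.append((cmd, fmt, n))
    return failures

if __name__ == "__main__":
    print("common list:", failing_cases(COMMON_LENGTHS))      # 126 cases
    print("exhaustive :", failing_cases(range(0, 1025)))      # 21525 cases
```

The boundary list never reaches the length-specific fault, while the exhaustive sweep over the same commands and formats isolates the single failing combination.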