Re: Does Fuzzing really work?
From: Aviram Jenik <aviram () beyondsecurity com>
Date: Tue, 26 Sep 2006 00:02:17 +0300
On Monday 25 September 2006 23:21, Peter Winter-Smith wrote:
> knowing what I do of Dave I suspect was more of a
> joke/challenge than a definitive statement ;-)
> The research looks very interesting however, in those figures that you gave
> to what degree do you take account for subsets of data that you are testing
> (fields within a given portion within a given protocol, and the format of
> the data that they can accept), etc, and the valid common interesting bad
> values which can typically be used in such circumstances (i.e. data which
> conforms but has often been known to cause problems - strings of specific
> lengths, given sets of integer values which often cause problems, etc)?
Well, all of the above! If we just look for 'common bad values' we're not
doing much - not much better than running Nessus against the application.
With beSTORM we take apart the protocol description and try ALL OF IT. So the
number of scenarios I mentioned is for every FTP command, and for every
scenario we try all string lengths (up to megabytes) in several string
formats, and do some optimizations to speed things up.
FTP is quick to fuzz, download and see for yourself - I would love to see what
Dailydave mailing list
Dailydave () lists immunitysec com