Home page logo

dailydave logo Dailydave mailing list archives

Re: Does Fuzzing really work?
From: Aviram Jenik <aviram () beyondsecurity com>
Date: Tue, 26 Sep 2006 00:02:17 +0300

On Monday 25 September 2006 23:21, Peter Winter-Smith wrote:
knowing what I do of Dave I suspect was more of a 
joke/challenge than a definitive statement ;-)


The research looks very interesting however, in those figures that you gave
to what degree do you take account for subsets of data that you are testing
(fields within a given portion within a given protocol, and the format of
the data that they can accept), etc, and the valid common interesting bad
values which can typically be used in such circumstances (i.e data which
conforms but has often been known to cause problems - strings of specific
lengths, given sets of integer values which often cause problems, etc)?

Well, all of the above! If we just look for 'common bad values' we're not 
doing much - not much better than running nessus against the application. 

With beSTORM we take apart the protocol description and try ALL OF IT. So the 
number of scenarios I mentioned is for every FTP command, and for every 
scenario we try all string lengths (up to megabytes) in several string 
formats, and do some optimizations to speed things up.

FTP is quick to fuzz, download and see for yourself - I would love to see what 
you think.


Aviram Jenik
Beyond Security
(703) 286-7725 x504


Looking for Unknown Vulnerabilities?
Dailydave mailing list
Dailydave () lists immunitysec com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]