Dailydave
mailing list archives
Re: Does Fuzzing really work?
From: Aviram Jenik <aviram () beyondsecurity com>
Date: Tue, 26 Sep 2006 00:02:17 +0300
On Monday 25 September 2006 23:21, Peter Winter-Smith wrote:
> knowing what I do of Dave I suspect was more of a
> joke/challenge than a definitive statement ;-)
:-)
> The research looks very interesting however, in those figures that you gave
> to what degree do you take account for subsets of data that you are testing
> (fields within a given portion within a given protocol, and the format of
> the data that they can accept), etc, and the valid common interesting bad
> values which can typically be used in such circumstances (i.e. data which
> conforms but has often been known to cause problems - strings of specific
> lengths, given sets of integer values which often cause problems, etc)?
Well, all of the above! If we just look for 'common bad values' we're not
doing much - not much better than running nessus against the application.
With beSTORM we take apart the protocol description and try ALL OF IT. So the
number of scenarios I mentioned is for every FTP command, and for every
scenario we try all string lengths (up to megabytes) in several string
formats, and do some optimizations to speed things up.
FTP is quick to fuzz, download and see for yourself - I would love to see what
you think.
> -Peter
Regards,
Aviram Jenik
Beyond Security
(703) 286-7725 x504
http://www.BeyondSecurity.com
http://www.SecuriTeam.com
Looking for Unknown Vulnerabilities?
http://beyondsecurity.com/beSTORM
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
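The approach Aviram describes above (take the protocol description apart, then for every command try every string format at every length, with some optimisation to keep the run time sane) can be sketched as a small grammar-driven fuzz-case generator. The following is an added example and is not beSTORM code or anything from the original thread; the FTP command table, the choice of boundary lengths, the four string formats and the crash/hang heuristic in send_case are all my own assumptions, not a description of how beSTORM actually works.

```python
"""
Protocol-description-driven FTP fuzz-case generator.

Added example, not beSTORM code. It illustrates the approach described in
the mail: take the protocol apart (here a hand-written command table), and
for every command emit every string format at every interesting length,
with an optimisation (a boundary-length set) instead of every integer.

Assumptions (not from the page): the command table, the boundary-length
selection, the string formats and the crash heuristic are all my own.
"""
import socket
from dataclasses import dataclass
from typing import Iterator, Optional

# Constructed protocol description: FTP command -> argument kind.
# "string" arguments are fuzzed; None means the command takes no argument.
FTP_COMMANDS = {
    "USER": "string", "PASS": "string", "CWD": "string", "RETR": "string",
    "STOR": "string", "LIST": "string", "MKD": "string", "DELE": "string",
    "TYPE": "string", "PORT": "string",
    "NOOP": None, "QUIT": None, "PWD": None,
}

MAX_LEN = 1 << 20  # 1 MiB cap; raise it to reach the multi-megabyte range

# Several string formats: what the filler bytes look like at a given length.
FORMATS = {
    "ascii":   lambda n: b"A" * n,
    "highbit": lambda n: b"\xff" * n,                    # non-ASCII bytes
    "fmtstr":  lambda n: (b"%s%n" * (n // 4 + 1))[:n],   # printf-style
    "nul":     lambda n: (b"A\x00" * (n // 2 + 1))[:n],  # embedded NULs
}


def fuzz_lengths(max_len: int = MAX_LEN) -> list:
    """Boundary lengths: 0, 1, every power of two up to max_len, and each
    power +/- 1. This is the optimisation: a boundary set instead of every
    integer, assuming fixed buffers tend to be sized at such values."""
    lengths = {0, 1}
    n = 2
    while n <= max_len:
        lengths.update((n - 1, n, n + 1))
        n <<= 1
    return sorted(x for x in lengths if x <= max_len)


@dataclass(frozen=True)
class Case:
    command: str
    fmt: Optional[str]   # None for the bare command with no argument
    length: int

    def wire(self) -> bytes:
        """Render as an FTP command line: <cmd> [SP <arg>] CRLF (RFC 959)."""
        if self.fmt is None or self.length == 0:
            return self.command.encode() + b"\r\n"
        arg = FORMATS[self.fmt](self.length)
        return self.command.encode() + b" " + arg + b"\r\n"


def generate_cases(commands=FTP_COMMANDS, max_len: int = MAX_LEN) -> Iterator[Case]:
    """Every command x every format x every non-zero boundary length, plus
    the bare command once (covers the zero-length argument for all commands)."""
    lengths = fuzz_lengths(max_len)
    for cmd, kind in commands.items():
        yield Case(cmd, None, 0)
        if kind is None:
            continue
        for fmt in FORMATS:
            for n in lengths:
                if n:
                    yield Case(cmd, fmt, n)


def case_count(commands=FTP_COMMANDS, max_len: int = MAX_LEN) -> int:
    """Size of the scenario set for a given length cap."""
    return sum(1 for _ in generate_cases(commands, max_len))


def send_case(host: str, port: int, case: Case, timeout: float = 5.0) -> str:
    """Deliver one case to a live server and classify the outcome.
    Returns 'ok' (reply received), 'timeout' (possible hang) or 'reset'
    (connection dropped, possible crash). A heuristic, not a monitor."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.recv(1024)              # banner
            s.sendall(case.wire())
            return "ok" if s.recv(1024) else "reset"
    except socket.timeout:
        return "timeout"
    except (ConnectionResetError, ConnectionRefusedError, BrokenPipeError):
        return "reset"


if __name__ == "__main__":
    print(f"{case_count()} scenarios at a {MAX_LEN}-byte cap")
    for c in list(generate_cases(max_len=8))[:4]:
        print(c, c.wire())
```

To use it against a real target, iterate generate_cases() and pass each Case to send_case(); a 'reset' or 'timeout' is only a hint that the server died or hung, so pair it with a process monitor or debugger on the target side before treating it as a finding.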