Dailydave mailing list archives
Re: From blackbox to grey-box during Web App tests
From: "J.M. Seitz" <lists () bughunter ca>
Date: Fri, 12 Oct 2007 07:54:34 -0700
PaiMei and BinNavi are fuzzer trackers, as I explained. gcov is more of a basic line coverage tool, isn't it? See: http://bullseye.com/coverage.html
I can't speak for BinNavi, but PaiMei isn't just a fuzzer tracker, code coverage is useful from an RE perspective as well if you are trying to hone in on particular pieces of logic within a binary. DeMott's EFS relies heavily on PaiMei's code coverage abilities to determine fitness for its fuzzing runs, that's just an example. Gcov is a whitebox code coverage tool, and there are some interesting tools from Compuware that integrate directly into your VS 2005 environment to give you code coverage metrics. I guess I am not too sure how useful that Tracer is, the more I have thought about it, the more I like Dave's idea of having a filter on the running server (database), that captures all SQL queries that made it into the server, and reporting the results back that match an injection. To take this a step further you could also hook into the application server itself and hook file creation, process creation, etc. JS _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- From blackbox to grey-box during Web App tests Dave Aitel (Oct 09)
- Re: From blackbox to grey-box during Web App tests Andre Gironda (Oct 10)
- Re: From blackbox to grey-box during Web App tests Thomas Ptacek (Oct 10)
- Re: From blackbox to grey-box during Web App tests Andre Gironda (Oct 11)
- Re: From blackbox to grey-box during Web App tests J.M. Seitz (Oct 12)
- Re: From blackbox to grey-box during Web App tests Matt Hargett (Nov 07)
- Re: From blackbox to grey-box during Web App tests Andre Gironda (Oct 11)
- Re: From blackbox to grey-box during Web App tests Adriel Desautels (Oct 13)
- Re: From blackbox to grey-box during Web App tests Thomas Ptacek (Oct 14)
- Re: From blackbox to grey-box during Web App tests C Q (Oct 14)
- Re: From blackbox to grey-box during Web App tests J.M. Seitz (Oct 15)
- Re: From blackbox to grey-box during Web App tests C Q (Oct 14)
- Re: From blackbox to grey-box during Web App tests Thomas Ptacek (Oct 14)