Re: From blackbox to grey-box during Web App tests

["J.M. Seitz" <lists () bughunter ca>]

> PaiMei and BinNavi are fuzzer trackers, as I explained.  gcov 
> is more of a basic line coverage tool, isn't it?  See:
> http://bullseye.com/coverage.html

I can't speak for BinNavi, but PaiMei isn't just a fuzzer tracker, code
coverage is useful from an RE perspective as well if you are trying to hone
in on particular pieces of logic within a binary. DeMott's EFS relies
heavily on PaiMei's code coverage abilities to determine fitness for its
fuzzing runs, that's just an example.

Gcov is a whitebox code coverage tool, and there are some interesting tools
from Compuware that integrate directly into your VS 2005 environment to give
you code coverage metrics.

I guess I am not too sure how useful that Tracer is, the more I have thought
about it, the more I like Dave's idea of having a filter on the running
server (database), that captures all SQL queries that made it into the
server, and reporting the results back that match an injection. To take this
a step further you could also hook into the application server itself and
hook file creation, process creation, etc. 

JS

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave