Penetration Testing mailing list archives
RE: Looking for a fuzzer/source code analyzer on customer developed code
From: Joxean Koret <joxeankoret () yahoo es>
Date: Tue, 18 Mar 2008 09:39:12 +0100 (CET)
Hi, There are many fuzzers but the most powerfull are SPIKE and Sulley. Both of them are Open Source but SPIKE is quite old (as the latest version is only distributed to paying customers). For web services fuzzing I recommend you wsFuzzer (http://www.neurofuzz.com/modules/software/wsfuzzer.php) by Andres Andreu. It's very good. For a general purpose open source fuzzer, if you don't like the previous fuzzers I pointed you, you can use Krash fuzzer (general purpose fuzzer, included in the Inguma project, http://inguma.sourceforge.net). And, for source code analyzers, for C/C++ you may use flawfinder (http://www.dwheeler.com/flawfinder/). Regards, Joxean Koret --- sudhakar () CS Princeton EDU escribió:
Hi all, I am looking for a good fuzzer, against some custom code developed internally. I am looking for a tool to stress test application by: - open many netork connections to application - throw random data to applications to get them to crash - fuzz web services Idea is to add a quality gate for developers before they push code out. Does anyone have any ideas on how to approach the problem? Any source code analyzer out there to do this? Thanks in advance for your ideas. Regards, --Sudhakar
------------------------------------------------------------------------
This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads
------------------------------------------------------------------------
______________________________________________ Enviado desde Correo Yahoo! Disfruta de una bandeja de entrada más inteligente. http://es.docs.yahoo.com/mail/overview/index.html ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- Looking for a fuzzer/source code analyzer on customer developed code sudhakar (Mar 18)
- Re: Looking for a fuzzer/source code analyzer on customer developed code Marco Crotta (Mar 18)
- Re: Looking for a fuzzer/source code analyzer on customer developed code Zed Qyves (Mar 18)
- RE: Looking for a fuzzer/source code analyzer on customer developed code Joxean Koret (Mar 18)
- RE: Looking for a fuzzer/source code analyzer on customer developed code Gadi Evron (Mar 18)