Re: Does Fuzzing really work?

[Aviram Jenik <aviram () beyondsecurity com>]

On Monday 25 September 2006 23:21, Peter Winter-Smith wrote:
> knowing what I do of Dave I suspect was more of a 
> joke/challenge than a definitive statement ;-)

:-)

> The research looks very interesting however, in those figures that you gave
> to what degree do you take account for subsets of data that you are testing
> (fields within a given portion within a given protocol, and the format of
> the data that they can accept), etc, and the valid common interesting bad
> values which can typically be used in such circumstances (i.e data which
> conforms but has often been known to cause problems - strings of specific
> lengths, given sets of integer values which often cause problems, etc)?

Well, all of the above! If we just look for 'common bad values' we're not 
doing much - not much better than running nessus against the application. 

With beSTORM we take apart the protocol description and try ALL OF IT. So the 
number of scenarios I mentioned is for every FTP command, and for every 
scenario we try all string lengths (up to megabytes) in several string 
formats, and do some optimizations to speed things up.

FTP is quick to fuzz, download and see for yourself - I would love to see what 
you think.

> -Peter

Regards,
Aviram Jenik
Beyond Security
(703) 286-7725 x504

http://www.BeyondSecurity.com
http://www.SecuriTeam.com

Looking for Unknown Vulnerabilities?
http://beyondsecurity.com/beSTORM
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave