LC Networks Communication

beSTORM performs comprehensive software security analysis and discovers vulnerabilities during development.

Black Box Software Testing

beSTORM represents a new approach to security auditing. This new approach is sometimes called "fuzzing" or "fuzz testing" and can be used for securing in-house software applications and devices, as well as testing the applications and devices of external vendors.

Most security holes found today in products and applications are discovered by automated, blackbox software testing. beSTORM tries virtually every attack combination, intelligently starting with the most likely scenarios and detects application anomalies which indicate a successful attack. Thus security holes can be found with little user intervention.

 

Comprehensive security testing for all networked applications

Previously available only to governments and large corporations, beSTORM has established a long and well documented history of identifying security issues in network equipment and software. Simple to use but powerful enough to have been deployed by the military, beSTORM can replace dozens of hard to use or poorly supported and documented tools and provides a standard, reliable and repeatable security testing process that businesses of any size can incorporate into their software QA process.

Technically, beSTORM is a commercial, black box, intelligent fuzzer. It is used in a lab environment to test application security during development or to certify software and networked hardware prior to deployment. It comes with complete technical and developmental support, does not need or use source code and delivers fast results by testing the most common, most likely failure scenarios first and then branching out into a near infinite range of attack variations.

Contact us today and get your software security testing questions answered.

How beSTORM Black Box Security Testing Works

• Innovative: beSTORM performs exhaustive analysis to uncover new and unknown vulnerabilities in any software. It's unique and powerful testing algorithm focuses on attacks that are most likely to succeed, thus producing results far faster than simple brute force testing. beSTORM does not need the source code to analyze and uncover vulnerabilities.
• Multi-Protocol: All Internet protocols can be tested using beSTORM - even complex protocols such as SIP (used in Voice over IP products) are supported.
• Intelligent Fuzzing: Special attack prioritizing algorithms allow beSTORM to start with the attacks most likely to succeed, depending on the specific protocol that is audited. This saves considerable time during the audit process and highlights the most important problems, first.
• Accurate Reporting: beSTORM checks the application externally by triggering actual attacks. Vulnerabilities are reported only if an actual attack has been successful, for example if a buffer overflow has been triggered. Simply put, beSTORM emulates an attacker. If the attacker cannot carry out the attack, beSTORM will not report it, effectively reducing the number of false positives.
• Fast and Deep Testing: beSTORM is able to convert the protocol standard text to automated set of tests by converting the BNF description used in technical RFC documents to attack language. This ensures that the entire functionality of the system is checked, and enables to quickly find bugs that otherwise surface only months or years after the product is released to the market.
• Comprehensive Analysis: beSTORM detects vulnerabilities by attaching to the audited process and detecting even the slightest anomalies. By doing so, beSTORM can find attacks as subtle as 'off-by-one' attacks, as well as buffer overflow attacks that do not crash the application.
• Scalable: beSTORM is extremely scalable, with the ability to use multiple processors or multiple machines to parallelize the audit and substantially reduce the testing duration.
• Extensibile: beSTORM tests the protocol rather than the product, and therefore can be used to test extremely complicated products with a large code base.
• Flexibile: beSTORM's protocol analysis can be easily extended to support your proprietary protocol.
• Language Independent: beSTORM tests the binary application, and is therefore completely indifferent to the programming language or system libraries used. beSTORM will report the exact interaction that triggers the vulnerability allowing programmers to debug the application with whatever development environment they wish.