• Products
  • PCI ASV Services
  • Software Testing - beSTORM
    • Overview
    • Features
    • Whitepaper
    • FAQs
    • Testimonials
    • Free Trial
    • Certify Your App
    • Current Version
    • Simple Web Server
  • Network Testing - AVDS
    • Overview
    • Reports
    • Free Trial
    • AVDS White Paper
    • Testimonials
    • Case Studies
    • Active Network Scanning
    • Custom Web Server Testing
    • FAQs
    • MSP Services
    • Management Server Version
    • LSS and SAS Versions
  • Web Site Testing - WSSA
    • Overview
    • Features
    • FAQs
    • Case Studies
    • Prices
    • MSP Services
    • Sample Report
    • Compare to Hacker Safe
    • WSSA Security Seal
    • Why Scan My Site?
    • The Technology
  • MSP Services
• Learning Center
  • PCI Compliance FAQs
  • VA/VM White Paper
  • The Secret of Scanning Accuracy
  • MSP Services
  • About SQL Injection
  • QA: Fuzzing Buffer Overflows
  • Web Security & Web Scanning
  • Malware Defense Strategies
  • Patching Network Vulnerabilities
  • Network VA-VM Case Studies
  • Finding Weaknesses During Dev.
  • Web Site Audit Case Studies
  • Web Site Security ROI
  • Fuzzing and Microsoft SDL
• Free Trials
  • Vulnerability Scanner Eval
  • Software Testing Download
  • Website Scanner Free Trial
  • MSP Platform Free Demo
• About
  • Company Overview
  • Management Team
  • Careers
  • Press
    • Press Releases
    • Success Stories
    • beSTORM Press Kit
    • Testimonials
    • Customers
• Partners
  • Marketing Partners
  • Technology Partners
  • MSP and MSSP Services
  • Distributors
  • System Integrator
• Contact

beSTORM

Current Version: 4.0.1 build 5168

beSTORM performs comprehensive, automated, software analysis and will expose security vulnerabilities - even during product development.

beSTORM's approach is sometimes called "fuzzing", "fuzz testing" or "fuzzer" and can be used for securing in-house developed applications and devices as well as applications and devices of external vendors.

beSTORM is an automated attack tool that intelligently attempts every possible attack combination. It can detect application anomalies and indicate a successful attack with almost no user intervention.

• Exhaustive Software Analysis beSTORM performs an exhaustive analysis to uncover previously unknown vulnerabilities in software products. It does not use attack signatures or attempt to locate known vulnerabilities in products. beSTORM does not need the source code to analyze and uncover vulnerabilities.
• Handles Most Protocols Most of the common Internet protocols can be tested by beSTORM - even complex protocols such as SIP (used in Voice over IP products) are supported.
• Attack Prioritization Special attack prioritizing algorithms allow beSTORM to start with the attacks most likely to succeed, depending on the specific protocol that is audited. This saves considerable time during the audit process and highlights the most important problems first.
• No False Reports beSTORM checks the application externally by triggering actual attacks. Vulnerabilities are reported only if an actual attack has been successful, for example if a buffer overflow has been triggered. Simply put, beSTORM emulates an attacker and only reports successful attacks.
• Protocol Compliant beSTORM converts protocol standard text into an automated set of tests by converting the BNF description used in technical RFC documents into attack language. This ensures that the entire functionality of the system is checked and enables it to quickly find bugs that otherwise surface only months or years after the product is released to the market.
• Comprehensive Analysis beSTORM attaches to the audited process and detects even the slightest anomalies. beSTORM can find 'off-by-one' attacks and buffer overflow attacks that do not crash the application.
• Scalable beSTORM can use multiple processors or multiple machines to substantially reduce the testing duration.
• Extensible beSTORM tests the entire protocol rather than just the product, and so can be used to test extremely complicated products with a large code base.
• Flexible beSTORM's protocol analysis can be easily extended to support your proprietary protocol.
• Language Independent beSTORM tests the binary application, and is therefore completely indifferent to the programming language or system libraries used. beSTORM will report the exact interaction that triggers the vulnerability thus allowing programmers to debug the application with whatever development environment they wish.

• Integrates with the existing development strategy Search for security vulnerabilities during development or as part of your QA process.
• Source code not required No need for source code - perfect for auditing 3rd party applications.
• Reproducible Vulnerabilities are searched for in a methodical way which can be reproduced.
• Powerful substitute beSTORM can be used to substitute existing tools used by security auditors and black-box testers.