You can now reliably certify almost any network hardware or software for compliance to the industry standard RFCs, common implementation practices and interoperability with other products and environments, all while checking it for known and unknown security holes.

The certification is done by beSTORM's patented fuzzing engine which can test your product for known vulnerabilities and their variants as well as unknown vulnerabilities that are specific to your platform, product or even setup.

Running a full beSTORM session will launch several millions of different attack scenarios against your product and enable you to certify that it's ready for the real world and safe from any security weaknesses such as buffer overflows and format string vulnerabilities.

Many of beSTORM's standard protocol modules include both the RFC specifications and proprietary implementations. One example is the FTP protocol module.

How can I certify my product?

Download beSTORM, configure your product to work in a production-like configuration and launch beSTORM against it.

As soon as beSTORM completes its run you will receive a report indicating whether your product has passed the required certification requirements or whether it has failed any of them.

Can beSTORM test proprietary protocols?

beSTORM has a unique feature that allows it to auto-learn any network protocol by analyzing sample data and determining the protocol description.

File Transfer Protocol (FTP)

beSTORM is able to test both the server side and client side of the FTP protocol, with strong emphasis on support for the following RFCs: RFC 959, RFC 949, RFC 1639, RFC 2228, RFC 2389, RFC 2428 and RFC 2640. These RFCs include the specification from the most basic FTP commands USER and PASS, up to the more complex PBSZ and AUTH directives.

beSTORM can verify that an FTP server or an FTP client would not fail to work in production or even hostile environments without falling to an attacker exploiting a buffer overflow or a format string vulnerability to gain unauthorized access or crash the device remotely.