Version Comparison

beSTORM Product Line

beSTORM is sold by 'seat' and by the range of protocols, servers, transport layers and files.

Description

beSTORM Trial

beSTORM Professional

beSTORM Web Applications

General Purpose Fuzzer N/A
Network Protocol Fuzzing N/A
DLL / API Fuzzing N/A
ActiveX Fuzzing N/A
Client side Network fuzzing N/A
File fuzzing Partial N/A
80-20 approach to finding vulnerabilities: 4 levels of testing on the protocols (known vulnerabilities, simple implementation, full RFC (+extension) implementation, and quirks (special cases in special products)). Partial
Development Language independent
Does not require source code
Linux/Unix and Windows support Only Windows
Integrated tests for known vulnerabilities with full information from CVE
Reproducible tests
Easily export test case to Perl scripts and generate binary data of tests
Supports binary protocols
Session based protocols
Standard encryption support
Intelligent module structure (Supporting length/offset dependencies, element counters, duplications, encoders etc.)
High throughput and speed. Supports specifying the optimal connection to a specific server.
Easily adaptable to a new testing environment
Hands free testing (ability to automatically stop and restart the test according to monitored results).
Batch mode support (auto-resume testing upon crash)
Custom Module support - build your own proprietary modules for in-house protocols, extensions, file formats and API definitions
Tailored attack types (SQL injection, cross-site scripting, format string, add your own)
Add External DLL calls to your modules (special encryption, file/net operation, custom libraries)
Custom vulnerability detection support
Buffer overflow attacks
Integer overflow / underflow attacks N/A
Format string attacks N/A
Null byte attacks N/A
Buffer poisoning attacks
Off-by-one attacks N/A
Malformed encoding attacks
Extended functionality for modules through the standard Win32 API, OpenSSL, Unix
Bookmarks - allow going back to previous tests and regenerating scenarios
Advanced optimization - allows faster results by focusing on a prime subset of tests
Supports IPv6, IPv4 IPv4 only
Auto Learn - Wizard to build new modules (of any type)
"Packet capture to beSTORM module" converter (to easily create a beSTORM custom module)
Graphical representation of module and attack vectors
Automatically control speed testing settings from monitor
Change test cases/order depending on result
Monitoring tool to examine tested application
Ability to implement your own monitor and integrate with beSTORM Client
gdb integration
OllyDbg integration
WinDbg integration
Includes the following predefined protocols:

Low-level Network:
  • ARP
  • HSRPv2
  • HSRP
  • ICMP (v4 and v6)
  • IEEE 802.11 (Wifi)
  • IEEE 802.14.4 (wireless PAN)
  • IEEE 802.1Q (VLAN)
  • IP (v4 and v6)
  • IGMP (v0, v1, v2 and v3)
  • LLDP
  • PIMv2
  • PPPoE
  • RGMP
  • SCTP
  • TCP (v4 and v6)
  • UDP (v4 and v6)
  • UDPLite
  • ZigBee
Network Clients:
  • BGP
  • BVLC (BACnet transport)
  • DHCP
  • Diameter
  • DNP3 (SCADA)
  • DNS
  • Dropbox LAN Sync Discovery
  • FTP
  • GTPv1 (GTP-U)
  • HTTP/1.0
  • HTTP/1.1
  • HTTPS/1.0
  • HTTPS/1.1
  • ICAP
  • IMAP
  • IPsec AH
  • ISUP (SIP-I, SIP-T)
  • ISAKMP (IKE)
  • KIES
  • LDAP
  • LLC
  • LLDP
  • LLMNR
  • M3UA (MTP3)
  • MGCP (Megaco, H.248)
  • Modbus (SCADA)
  • NNTP
  • NTP
  • OSPF
  • POP3
  • RADIUS
  • RANAP
  • RIPng
  • RSH
  • RTP
  • RTSP
  • TAPA
  • SDP
  • SIP
  • SNMP (v1, v2 and v3 with/without MD5, SHA and DES)
  • SMTP
  • STUN
  • SYSLOG
  • SSH
  • TFTP
  • Teredo
  • Telnet
  • TPKT (RFC 1006)
  • VRRP
Network Servers:
  • DHCP
  • DNS
  • FTP
  • HTTP
  • HTTPS
  • SMTP
  • SSL
Transport Layers:
  • IPSec (AH, ESP)
  • SCTP
  • SSLv2
  • SSLv3
  • TLS
Files:
  • ANI
  • BMP
  • DOC (MS Word)
  • GIF
  • HTML
  • ICO
  • JASC PAL
  • JPEG
  • PAL
  • PDF
  • PNG
  • PPT
  • TIFF
  • TGA
  • UPX
  • WAV(PCM)
  • XLS
Wifi:
  • IEEE80211
  • IEEE802 11u
EDSA:
  • EDSA 401 Ethernet
  • EDSA 402 ARP
  • EDSA 403 IPv4
  • EDSA 404 ICMPv4
  • EDSA 405 UDPv4
  • EDSA 405 UDPv6
  • EDSA 406 TCPv4
Hardware:
  • Alternate MAC/PHY (Bluetooth)
  • Service Discovery Protocol (Bluetooth)
  • RFCOMM (Bluetooth)
  • HDMIv1.3
  • Fastboot
  • HDCPv1.1
  • HDCPv2.0
  • L2CAP (Bluetooth)
  • USB Request Block (USB)
  • USB Mass Storage (USB)
N/A

beSTORM Monitor

Linux/Unix and Windows support
Both console and Windows GUI versions
Auto-starts tested application in case of crash
Catches exceptions
Catches buffer overflows
Catches buffer overruns
Reports on CPU/memory usage
Parses log files

More Info:

Beyond Security is an Approved Scanning Vendor for the Payment Card Industry

Web Application Testing:

Discover security issues in web apps, web sites, their related equipment and databases.