Software Security Test Successes with beSTORM
beSTORM discovered a fatal issue in a customer's stock exchange tracking software in 45 minutes of work and 29 seconds of beSTORM running time:
1. beSTORM was set up as a client application on a Windows machine
2. We logged in to the server as a customer (as requested by the customer) and used beSTORM as a MITM to capture the traffic
3. The traffic was encrypted, but had what looked like a 'header'. Based on the data in the header, a simple module was created. The whole process took 45 minutes from start to finish, of which building the beSTORM module took less than 15 minutes
4. We started fuzzing against the actual (live) server, as required and requested by the customer (Kids, don't try this at home), with TCP echo monitoring
5. 29 seconds later, test combination 206 crashed the server. It was no longer accessible from any of our machines
6. The customer did not believe it, so they reset the server, and this same test crashed it again in 30 seconds!
The procedure above produced a proprietary beSTORM module that is very crude and whose test range is very far from covering the entire API specification. But it worked for a demonstration. The customer now realizes they have a problem and that beSTORM can help. Using the API, a comprehensive test module can be built in a few hours that will deliver a comprehensive and exhaustive range of tests that will effectively certify their application as being free of security issues.
This tool has been very wonderful to use. I've used similar fuzzers but there is so much work to get, say, Sulley fuzzing framework up and running. beSTORM is very basic and simple. No further questions as of yet. The simplicity of this tool is great for people looking to dive into fuzzing and it's easy to set up testing to start to fuzz. Of course knowing the protocols will help but nonetheless beSTORM is an excellent tool. Thanks, CC.
beSTORM Finds eSafe 4 Mail Thwarts 55 Security Attacks. Award-winning email content security solution passes rigorous testing with perfect score
CHICAGO - Aladdin Knowledge Systems Ltd. (NASDAQ: ALDN) today announced the results of using beSTORM to audit the eSafe 4 SMTP module, confirming the product is free from vulnerabilities or security weaknesses.
All tests were conducted with beSTORM on eSafe 4 as an SMTP mail relay server. eSafe 4 behavior was monitored at all times to verify the results of any system crashes or poor performance.
During the development of beSTORM, Beyond Security has made sure that the product met its expected goals by constantly taking vendor-provided products and running beSTORM against them. To date we have tested over 13 products, each of which had at least one security vulnerability that prompted the vendor to release a patch to prevent their customers from being vulnerable to the discovered problem.
- TFTPD32 Buffer Overflow Vulnerability (Long filename) - http://www.securiteam.com/windowsntfocus/6C00C2061A.html
- Security Vulnerability in WinSyslog (DoS) - http://www.securiteam.com/windowsntfocus/6L00F158KE.html
- sipD Format String Vulnerability - http://www.securiteam.com/unixfocus/6R00G1595S.html
- sipD gethostbyname_r DoS - http://www.securiteam.com/unixfocus/6B00F0A95O.html
- Xlight FTP Server PASS Buffer Overflow - http://www.securiteam.com/windowsntfocus/6X00R0K95E.html
- ArGoSoft FTP Server Multiple Vulnerabilities (SITE ZIP, UNZIP, COPY, PASS) - http://www.securiteam.com/windowsntfocus/5RP010KCAO.html
- WFTPD GUI DoS - http://www.securiteam.com/windowsntfocus/5JP0B20CAY.html
- GlobalSCAPE Secure FTP Server Buffer Overflow (Parameter Handling) - http://www.securiteam.com/windowsntfocus/5KP0C20CAC.html
- KPhone STUN DoS (Malformed STUN Packets) - http://www.securiteam.com/unixfocus/5PP0B1FCLY.html
- Serv-U LIST -l Parameter Buffer Overflow - http://www.securiteam.com/windowsntfocus/5ZP0G2KCKA.html
- Titan FTP Server Aborted LIST DoS - http://www.securiteam.com/windowsntfocus/5RP0215CUU.html
- Firebird Database Remote Database Name Overflow - http://www.securiteam.com/unixfocus/5AP0P0UCUO.html
- Mollensoft Lightweight FTP Server CWD Buffer Overflow - http://www.securiteam.com/windowsntfocus/5RP0L15CUM.html