Dynamic, Black Box Testing on the Generic Access Profile (GAP)

beSTORM is the most efficient, enterprise ready and automated dynamic testing tool for testing the security of any application or product that uses the Generic Access Profile (GAP)

The Generic Access Profile (GAP) (ETSI standard EN 300 444) describes a set of mandatory requirements to allow any conforming DECT Fixed Part (base) to interoperate with any conforming DECT Portable Part (handset) to provide basic telephony services when attached to a 3.1 kHz telephone network (as defined by EN 300 176-2).

The objective of GAP is to ensure interoperation at the air interface (i.e., the radio connection) and at the level of procedures to establish, maintain and release telephone calls (Call Control). GAP also mandates procedures for registering Portable Parts to a Fixed Part (Mobility Management).

A GAP-compliant handset from one manufacturer should work, at the basic level of making calls, with a GAP-compliant base from another manufacturer, although it may be unable to access advanced features of the base station such as phone book synchronization or remote operation of an answering machine. Most consumer-level DECT phones and base stations support the GAP profile, even those that do not publicize the feature, and thus can be used together. However some manufacturers lock their systems to prevent interoperability, or supply bases that cannot register new handsets.

beSTORM specializes in testing the reliability of any hardware or software that uses this transport protocol as well as ensuring the function and security of its implementation.

By intelligently testing up to billions of combinations of dynamically generated input, beSTORM ensures the security and reliability of your products prior to deployment. It is also used around the world by government and industry certification centers to ensure that products are secure before purchase and deployment.

Unlike static testing tools, beSTORM does not require source code and can therefore be used to test extremely complicated products with a large code base. In comparison static source code testing tools must have access to the source code and testing very large code bases can be problematic. beSTORM also reduces the number of false positives by reporting only actual successful attacks.

beSTORM uses an approach known as Smart Fuzzing, which prioritizes the use of attacks that would likely yield the highest probably of product failure. These methods of testing are unique compared to older generation tools that use a fixed number of attack signatures to locate known vulnerabilities in products.

In addition, beSTORM can also be used to test proprietary protocols and specifications (textual or binary) via its Auto Learn feature. This results in a full featured, versatile, and efficient tool that can help your QA team ensure the reliability and security of your software development project.