Dynamic, Black Box Testing on the Generic Attribute Profile (GATT)
beSTORM is the most efficient, enterprise-ready and automated dynamic testing tool for testing the security of any application or product that uses the Generic Attribute Profile (GATT).
The Generic Attribute Profile (GATT) is built on top of the Attribute Protocol (ATT) and establishes common operations and a framework for the data transported and stored by the Attribute Protocol. GATT defines two roles: Server and Client. The GATT roles are not necessarily tied to specific GAP roles and may be specified by higher layer profiles. GATT and ATT are not transport specific and can be used in both BR/EDR and LE. However, GATT and ATT are mandatory to implement in LE since they are used for discovering services.
The GATT server stores the data transported over the Attribute Protocol and accepts Attribute Protocol requests, commands and confirmations from the GATT client. The GATT server sends responses to requests and, when configured, sends indications and notifications asynchronously to the GATT client when specified events occur on the GATT server. GATT also specifies the format of data contained on the GATT server.
Attributes, as transported by the Attribute Protocol, are formatted as services and characteristics. Services may contain a collection of characteristics. Characteristics contain a single value and any number of descriptors describing the characteristic value.
With the defined structure of services, characteristics and characteristic descriptors, a GATT client that is not specific to a profile can still traverse the GATT server and display characteristic values to the user. The characteristic descriptors can be used to display descriptions of the characteristic values that may make the value understandable by the user.
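The traversal described above, as an added example that is not beSTORM code and not part of the original page: a profile-agnostic parser that groups a flat attribute table into services and characteristics and rejects malformed declarations instead of trusting their lengths and handles. The function names and the sample table are constructed for illustration; the attribute type values are the Bluetooth-assigned 16-bit UUIDs.

```python
import struct

SERVICE_TYPES = (0x2800, 0x2801)  # primary and secondary service declarations
INCLUDE, CHARACTERISTIC, USER_DESCRIPTION = 0x2802, 0x2803, 0x2901

def parse_uuid(raw):
    """Render a 16-bit or 128-bit little-endian UUID; reject other lengths."""
    if len(raw) not in (2, 16):
        raise ValueError(f"bad UUID length {len(raw)}")
    return raw[::-1].hex()

def build_gatt_tree(attrs):
    """Group a flat table [(handle, type, value)] into services and characteristics."""
    services, char, last_handle = [], None, 0
    for handle, atype, value in attrs:
        if not 0x0001 <= handle <= 0xFFFF or handle <= last_handle:
            raise ValueError(f"handle {handle:#06x} out of range or out of order")
        last_handle = handle
        if atype in SERVICE_TYPES:
            services.append({"uuid": parse_uuid(value), "characteristics": []})
            char = None
        elif not services:
            raise ValueError("attribute found before any service declaration")
        elif atype == INCLUDE:
            continue  # include declarations are accepted but not expanded here
        elif atype == CHARACTERISTIC:
            if len(value) not in (5, 19):  # properties + value handle + UUID
                raise ValueError("characteristic declaration must be 5 or 19 bytes")
            props, value_handle = struct.unpack_from("<BH", value)
            if value_handle <= handle:
                raise ValueError("value handle must follow its declaration")
            char = {"uuid": parse_uuid(value[3:]), "properties": props,
                    "value_handle": value_handle, "value": None, "description": None}
            services[-1]["characteristics"].append(char)
        elif char is None:
            raise ValueError(f"attribute {handle:#06x} is outside any characteristic")
        elif handle == char["value_handle"]:
            char["value"] = value
        elif atype == USER_DESCRIPTION:  # other descriptors are skipped
            char["description"] = value.decode("utf-8", errors="replace")
    return services

# Constructed sample table: Battery Service (0x180F) with Battery Level (0x2A19).
SAMPLE = [
    (0x0001, 0x2800, bytes.fromhex("0f18")),
    (0x0002, CHARACTERISTIC, bytes.fromhex("120300192a")),
    (0x0003, 0x2A19, bytes([87])),
    (0x0004, 0x2902, bytes.fromhex("0000")),
    (0x0005, USER_DESCRIPTION, b"Battery level (%)"),
]
```

The length and handle checks are the kind of input validation that a GATT implementation under fuzz testing is expected to get right.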
beSTORM specializes in testing the reliability of any hardware or software that uses this transport protocol as well as ensuring the function and security of its implementation.
By intelligently testing up to billions of combinations of dynamically generated input, beSTORM ensures the security and reliability of your products prior to deployment. It is also used around the world by government and industry certification centers to ensure that products are secure before purchase and deployment.
Unlike static testing tools, beSTORM does not require source code and can therefore be used to test extremely complicated products with a large code base. In comparison, static source code testing tools must have access to the source code, and testing very large code bases can be problematic. beSTORM also reduces the number of false positives by reporting only actual successful attacks.
beSTORM uses an approach known as Smart Fuzzing, which prioritizes the use of attacks that would likely yield the highest probability of product failure. These methods of testing are unique compared to older generation tools that use a fixed number of attack signatures to locate known vulnerabilities in products.
In addition, beSTORM can be used to test proprietary protocols and specifications (textual or binary) via its Auto Learn feature. This results in a full-featured, versatile, and efficient tool that can help your QA team ensure the reliability and security of your software development project.