Dynamic, Black Box Testing on the Spanning Tree Protocol (STP)

BeSTORM is the most efficient, enterprise ready and automated dynamic testing tool for testing the security of any application or product that uses the Spanning Tree Protocol (STP)

The Spanning Tree Protocol (STP) is a network protocol that builds a logical loop-free topology for Ethernet networks. The basic function of STP is to prevent bridge loops and the broadcast radiation that results from them. Spanning tree also allows a network design to include spare (redundant) links to provide automatic backup paths if an active link fails. This is done without the danger of bridge loops, or the need for manual enabling or disabling of these backup links.

As the name suggests, STP creates a spanning tree within a network of connected layer-2 bridges, and disables those links that are not part of the spanning tree, leaving a single active path between any two network nodes. STP is based on an algorithm that was invented by Radia Perlman while she was working for Digital Equipment Corporation.

STP was originally standardized as IEEE 802.1D, but the functionality, spanning tree, rapid spanning tree and multiple spanning tree previously specified in 802.1D, 802.1s and 802.1w respectively has been incorporated into IEEE 802.1Q-2014

BeSTORM specializes in testing the reliability of any hardware or software that uses this transport protocol as well as ensuring the function and security of its implementation.

By intelligently testing up to billions of combinations of dynamically generated input, BeSTORM ensures the security and reliability of your products prior to deployment. It is also used around the world by government and industry certification centers to ensure that products are secure before purchase and deployment.

Unlike static testing tools, BeSTORM does not require source code and can therefore be used to test extremely complicated products with a large code base. In comparison static source code testing tools must have access to the source code and testing very large code bases can be problematic. BeSTORM also reduces the number of false positives by reporting only actual successful attacks.

BeSTORM uses an approach known as Smart Fuzzing, which prioritizes the use of attacks that would likely yield the highest probably of product failure. These methods of testing are unique compared to older generation tools that use a fixed number of attack signatures to locate known vulnerabilities in products.

In addition, B

eSTORM can also be used to test proprietary protocols and specifications (textual or binary) via its Auto Learn feature. This results in a full featured, versatile, and efficient tool that can help your QA team ensure the reliability and security of your software development project.

See how black box fuzzing can uncover unknown security gaps