Penetration Testing mailing list archives

Re: Looking for a fuzzer/source code analyzer on customer developed code


From: "Zed Qyves" <zqyves.spamtrap () gmail com>
Date: Tue, 18 Mar 2008 14:14:41 +0200

Hello Sudhakar,

Regarding webservices I have used WSDigger from Foundstone
(http://www.foundstone.com/us/resources/proddesc/wsdigger.htm) but I
have also heard success stories with wsfuzzer
(http://www.neurofuzz.com/modules/software/wsfuzzer.php) as well.

Regarding fuzzing I would go with sulley for intelligent fuzzing such
as session retention, session control, callbacks and the such. Other
fuzzers I had success with are jbrofuzz from OWASP and taof (the art
of fuzzing). The latter 2 work really well with text-based protocols
and on simple calls and do not need the initial learning curve that
one will definitely need with sulley. For HTTP fuzzing paros scanner
will also take you a good distance.

Lastly for network connection stress testing I would use something as
simple as blast from Foundstone.

regards,
./ZQ

On Mon, Mar 17, 2008 at 10:57 PM,  <sudhakar () cs princeton edu> wrote:


 Hi all,

 I am looking for a good fuzzer, against some custom code developed
 internally. I am looking for a tool to stress test application by:

 - open many network connections to application
 - throw random data to applications to get them to crash
 - fuzz web services


   Idea is to add a quality gate for developers before they push code out.

 Does anyone have any ideas on how to approach the problem? Any source code
 analyzer out there to do this?


 Thanks in advance for your ideas.


 Regards,
 --Sudhakar








-- 
---------------------------------------------------------------------
Κρέων
ἐν τῇδ᾽ ἔφασκε γῇ· τὸ δὲ ζητούμενον
ἁλωτόν, ἐκφεύγειν δὲ τἀμελούμενον.
Οιδίπους Τύρρανος [110]
---------------------------------------------------------------------
Creon
In this our land, so said he, those who seek Shall find; unsought, we
lose it utterly.
Oedipus Rex [110]
---------------------------------------------------------------------
