BeStorm Introduction

beSTORM is a security assessment tool that uncovers common security
vulnerabilities in products during the development cycle. Unlike today's
generation of vulnerability assessment tools, beSTORM does not look for certain
attack signatures or attempt to locate known vulnerabilities in products, but rather
performs an exhaustive analysis in order to uncover new and unknown
vulnerabilities in network products. beSTORM, the Second Generation Fuzzer from Beyond Security, attempts to exhaustively
check the protocol implementation of applications.

BeStorm Introduction Presentation Transcript

  • beSTORM
  • About Beyond Security
    • We specialize in vulnerabilities
    • and develop tools to find them
  • Our Technology: AVDS, beSTORM, SecuriTeam.com
  • Our Technology - AVDS: Automated Vulnerability Detection System ("VA"). Know that your network is safe
  • Our Technology - SecuriTeam.com: Security portal / Knowledge Source
  • Our Technology - beSTORM: Product testing ("fuzzing")
  • What is beSTORM
    • A unique approach to finding security holes in your products
    • A 2nd generation fuzzer
    • Finds vulnerabilities by actually trying the attacks and seeing if they were successful
    • Tests at all the levels, including network, protocol, file, hardware, DLL and API
    • Exhaustively testing the full test-space rather than focusing on a limited number of scenarios
    • Stable and repeatable testing for security compliance checking
  • Attack types
    • Generates attacks containing:
      • One or more malformed values found inside the packet(s) – non-alphanumeric data where alphanumeric data is expected
      • One or more malformed relationships between values found inside the packet(s) – size, description
      • Oversized value
      • Undersized value
      • Non-expected value – if expecting a session number, use non-relevant data, e.g. reuse a previously closed session number
  • What is tested
    • Generates not just malformed data but also malformed sessions when network protocols are tested. Malformed sessions include:
      • Out of order sessions – the order in which packets from a session are sent is reversed or “randomized”
      • Overlapping sessions – the follow-up packet re-initiates or utilizes different values than it should have
      • Missing sessions – the session is never completed or properly closed
  • “Understanding” unknown protocols
    • Learns new protocols via “auto learning”:
  • What is fuzzed
    • beSTORM works by fuzzing anything that accepts inputs:
      • HTTP, SIP (VoIP), FTP, SMTP, ...
      • GIF, BMP, TGA, ...
      • PE (EXE), UPX, ...
      • ActiveX and DLLs
    • Practically every possible combination is sent to the application – in some cases as many as 10^10 or more combinations
    • Covers malformed requests as well as obscure protocol features
  • Monitoring for vulnerabilities
    • A powerful monitor detects even the slightest buffer overflow, format string or similar memory exception
    • Runs automatically until the test scenarios are exhausted, trying the most probable combinations first
  • API Fuzzing
    • Built-in DLL fuzzer allows you to easily test the internal workings of your software and hardware
  • Example
    • This illustrates a malformed HTTP packet:
    • Note that more than one segment of the packet is malformed
  • IIS Case Study
    • When testing Microsoft's IIS web server, beSTORM detected the first buffer overflow vulnerability after only 4 ½ minutes
    • During those 4 ½ minutes, 160,000 attack combinations were tested
    • The buffer overflow was pinpointed and can be reproduced
    • The vulnerability leads to remote compromise of the machine running IIS
  • Real World usage
    • beSTORM – some examples of customers currently testing hardware
      • Juniper uses it to test its products
      • University of Amsterdam RFID is using it to test RFID implementations
      • Ericsson uses it as part of their security testing
    • Testing file parsers
      • In cooperation with Kaspersky, beSTORM “learned” the UPX standard and is now being actively used by Kaspersky to test the robustness of their antivirus programs.
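
The five categories on the "Attack types" slide, applied to a parser you own, as an added example that is not from the slides and is not beSTORM code. The record format, the parser and all names are constructed for illustration; the harness generates one input per category and records whether the parser rejects it cleanly.

```python
import struct

# Constructed toy record format (an assumption, not a beSTORM format):
# 1-byte type, 2-byte big-endian length, then `length` alphanumeric bytes.
MAX_LEN = 64
KNOWN_TYPES = {1, 2}

def build(rtype, payload, length=None):
    """Serialize a record; `length` may be forced to disagree with the payload."""
    n = len(payload) if length is None else length
    return struct.pack(">BH", rtype, n) + payload

def parse(data):
    """Parser under test: returns (type, payload) or raises ValueError."""
    if len(data) < 3:
        raise ValueError("truncated header")
    rtype, n = struct.unpack(">BH", data[:3])
    body = data[3:]
    if rtype not in KNOWN_TYPES:
        raise ValueError("unknown type")
    if n > MAX_LEN:
        raise ValueError("oversized")
    if n != len(body):
        raise ValueError("length mismatch")
    if not body.isalnum():          # also False for an empty payload
        raise ValueError("bad payload")
    return rtype, body

def fuzz_cases(valid=b"session42"):
    """One generated input per category on the 'Attack types' slide."""
    yield "malformed value", build(1, b"\x00\xff%n%n")
    yield "malformed relationship", build(1, valid, length=3)
    yield "oversized value", build(1, b"A" * 4096)
    yield "undersized value", build(1, b"")
    yield "non-expected value", build(9, valid)

def run():
    """Map each category to the parser's reaction; only a clean reject passes."""
    results = {}
    for name, data in fuzz_cases():
        try:
            parse(data)
            results[name] = "ACCEPTED"
        except ValueError as exc:
            results[name] = f"rejected: {exc}"
        except Exception as exc:    # what a fuzzer's monitor would flag
            results[name] = f"CRASH: {type(exc).__name__}"
    return results
```

Any outcome other than "rejected" is a finding: "ACCEPTED" means a validation check is missing, and "CRASH" means the parser failed in a way it was not written to handle.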