Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Looking for a fuzzer/source code analyzer on customer developed code

from [Joxean Koret] Network Security [Permanent Link]
Subject: RE: Looking for a fuzzer/source code analyzer on customer developed code
Date: Tue, 18 Mar 2008 09:39:12 +0100 (CET) 
Hi,

There are many fuzzers but the most powerfull are
SPIKE and Sulley. Both of them are Open Source but
SPIKE is quite old (as the latest version is only
distributed to paying customers).

For web services fuzzing I recommend you wsFuzzer
(http://www.neurofuzz.com/modules/software/wsfuzzer.php)
by Andres Andreu. It's very good.

For a general purpose open source fuzzer, if you don't
like the previous fuzzers I pointed you, you can use
Krash fuzzer (general purpose fuzzer, included in the
Inguma project, http://inguma.sourceforge.net).

And, for source code analyzers, for C/C++ you may use
flawfinder (http://www.dwheeler.com/flawfinder/). 

Regards,
Joxean Koret

--- sudhakar@CS.Princeton.EDU escribió:




Hi all,

I am looking for a good fuzzer, against some custom
code developed 
internally. I am looking for a tool to stress test
application by:

- open many netork connections to application
- throw random data to applications to get them to
crash
- fuzz web services


   Idea is to add a quality gate for developers
before they push code out.

Does anyone have any ideas on how to approach the
problem? Any source code 
analyzer out there to do this?


Thanks in advance for your ideas.


Regards,
--Sudhakar





------------------------------------------------------------------------

This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE
today!

http://www.cenzic.com/downloads


------------------------------------------------------------------------







      ______________________________________________ 
Enviado desde Correo Yahoo!
Disfruta de una bandeja de entrada más inteligente. 
http://es.docs.yahoo.com/mail/overview/index.html


------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Pentesting tools for Linux IP Tables, Vedantam sekhar
Next by Date:  Re: anonymous Zonetransfer (AXFR) exploatation, Volker Tanger
Previous by Thread:  Re: Looking for a fuzzer/source code analyzer on customer developed code, Zed Qyves
Next by Thread:  RE: Looking for a fuzzer/source code analyzer on customer developed code, Gadi Evron
Indexes:  [Date] [Thread] [Top] [All Lists]