beSTORM

beSTORM

Black Box Testing

The only fuzzing solution you will ever need

 

Your existing testing department staff can now perform comprehensive, dynamic security testing on any software or hardware - before hackers do.

 

Discover code weaknesses and certify the security strength of any product without access to source code. Test any protocol or hardware with beSTORM, even those used in IoT, process control, automotive and aerospace.

·One platform, one GUI to learn, with over 200 testing modules available to test everything

·Find the security weaknesses before deployment that are most often discovered by external actors after release

·Certify vendor components and your own applications in your own testing center

 

beSTORM - an enterprise ready, multi-protocol fuzzer.

 

Test applications and hardware with one tool

Standardize your testing procedure across all product lines and all departments.

·Automatically generate and deliver near infinite attack vectors and document any product failures

·Systematically fill the entire test sphere with billions of tests, starting with the most likely scenarios. No writing of test cases

·Record every pass/fail and hand engineering the exact command that produced each fail

 

beSTORM: Unrivalled black box testing capabilities

 

Exhaustive

Tests

Fill the entire test range automatically

Over 200 modules covering nearly every known protocol

Certify applications as robust/resistant to attack

Intelligent

Fuzzing

Starts with most common weaknesses

Documents tests completed

Fast test for use in development, comprehensive test for certification

 

In-house

Certification

Test vendor-provided components prior to acceptance

Certify your product's resistance to attack

Used by certification centers and test labs around the world

 

Test proprietary or unknown protocols

Your team can now test any software or hardware, regardless of the protocol.

·Build new test modules using protocol specifications and run exhaustive tests to confirm secure operation

·Auto Learn function for testing unknown or proprietary protocols

·Ensure integrity of non-standard, proprietary, or secret protocols

·Protocol playback mechanism

 

Confirm known and discover unknown vulnerabilities

Dynamic testing tools typically run a certain set of test cases, perhaps thousands or at best tens of thousands. beSTORM commonly performs millions and can deliver billions of attack combinations, filling the entire possible test sphere.

·Test protocols, files, hardware, DLL, API and more

·Certify a powerful, robust resistance to attack

·Show engineering what happened - provide the specific input that caused the unwanted outcome - often application crash

·Verify code repairs as complete - repeatable test runs document success/failure

 

Fast and deep testing

Run quick checks during dev to confirm that new code is fundamentally sound and perform longer test runs at final QA to catch the outlier issues.

 

·Set up testing with any of the 200+ existing modules in a matter of minutes

·Short time frame? Add additional processing power to do tens of thousands of tests per hour

·Run beSTORM longer to go deeper. Every module can deliver billions of tests. Establish high confidence that no vulnerability will be discovered in the field

 

"We are very impressed with beSTORM. One notable feature is its flexibility in adding new and proprietary protocols. We are actively expanding the usage of beSTORM in our overall

product portfolio as part of the standard security testing procedure."  – Juniper Networks

 

beSTORM Modules

Dynamic testing of any protocol, file, hardware or communication standard

 

beSTORM Test Modules List Includes Protocols, Applications, Hardware, Files, Wifi and EDSA

 

beSTORM's complete list of protocol modules makes it the most versatile, commercially available, dynamic application testing solution. Used by governments, military and major equipment manufacturers for nearly a decade, it is now available and recommended for application and equipment manufacturers for the security testing and certification of their products.

 

With one tool it is now possible for QA engineers to accomplish fast, highly accurate, dynamic security testing. Arm your QA team with a single, easy to use, multi-protocol, well developed and well supported tool that bundles into one package all of the tests and attacks that it would take hundreds of unsupported, open source fuzzers to accompllish.

 

As a true black-box testing tool beSTORM requires no access to source code and little or no training on protocols to get started with dynamic security testing. Its 'Auto Learning' feature allows it to fuzz proprietary protocols as developed for aerospace, medical and manufacturing applications and equipment.

 

beSTORM Practical Applications

beSTORM in Use

 

Below are several tutorials that exemplify just a few of the practical testing applications of beSTORM. These step-by-step guides illustrate how simple and effortless vulnerability testing with beSTORM can be. If the testing of network hardware, protocols, or black-box software programs is a security necessity for you or your organization, please take a moment to examine these guides. The contents of this page are only a few examples of beSTORMs application. For a full list please visit :  beSTORM Version Comparison.

 

Smart Fuzzing: Testing a PDF Application

 

·beSTORM, in addition to network and protocol testing, can also fuzz test file formats into their accepted applications.

·In this example, beSTORM will generate malformed PDF files which will then be tested in Adobe Acrobat via batch file.

 

Testing Hardware Firewalls with beSTORM

·Allows testing of IPv4 and IPv6 through Direct or Pass-Through testing modes.

·Also supports a variety of protocols: ARP, TCP, ICMP, UDP, HTTP and DHCP.

 

Testing HTTP with beSTORM

·Test with or without administrative access to HTTP server.

 

Testing SSL/HTTPS servers with beSTORM

·Test with or without administrative access to SSL/HTTPS server.

 

Testing IPSEC with beSTORM

·Test with or without administrative access to IPSEC server

 

Testing SSH with beSTORM

·Test with or without administrative access to SSH server.

 

Testing ICMP with beSTORM

·Test with or without administrative access to IMCP server.

 

Testing DLL / API with beSTORM

·Test with or without administrative access to dll server.