beSTORM
Black Box Testing
The only fuzzing solution you will ever need
Your existing testing department staff can now perform comprehensive, dynamic security testing on any software or hardware - before hackers do.
Discover code weaknesses and certify the security strength of any product without access to source code. Test any protocol or hardware with beSTORM, even those used in IoT, process control, automotive and aerospace.
·One platform, one GUI to learn, with over 200 testing modules available to test everything
·Find the security weaknesses before deployment that are most often discovered by external actors after release
·Certify vendor components and your own applications in your own testing center
beSTORM - an enterprise ready, multi-protocol fuzzer.
Test applications and hardware with one tool
Standardize your testing procedure across all product lines and all departments.
·Automatically generate and deliver near infinite attack vectors and document any product failures
·Systematically fill the entire test sphere with billions of tests, starting with the most likely scenarios. No writing of test cases
·Record every pass/fail and hand engineering the exact command that produced each fail
beSTORM: Unrivalled black box testing capabilities
Exhaustive
Tests
Fill the entire test range automatically
Over 200 modules covering nearly every known protocol
Certify applications as robust/resistant to attack
Intelligent
Fuzzing
Starts with most common weaknesses
Documents tests completed
Fast test for use in development, comprehensive test for certification
In-house
Certification
Test vendor-provided components prior to acceptance
Certify your product's resistance to attack
Used by certification centers and test labs around the world
Test proprietary or unknown protocols
Your team can now test any software or hardware, regardless of the protocol.
·Build new test modules using protocol specifications and run exhaustive tests to confirm secure operation
·Auto Learn function for testing unknown or proprietary protocols
·Ensure integrity of non-standard, proprietary, or secret protocols
·Protocol playback mechanism
Confirm known and discover unknown vulnerabilities
Dynamic testing tools typically run a certain set of test cases, perhaps thousands or at best tens of thousands. beSTORM commonly performs millions and can deliver billions of attack combinations, filling the entire possible test sphere.
·Test protocols, files, hardware, DLL, API and more
·Certify a powerful, robust resistance to attack
·Show engineering what happened - provide the specific input that caused the unwanted outcome - often application crash
·Verify code repairs as complete - repeatable test runs document success/failure
Fast and deep testing
Run quick checks during dev to confirm that new code is fundamentally sound and perform longer test runs at final QA to catch the outlier issues.
·Set up testing with any of the 200+ existing modules in a matter of minutes
·Short time frame? Add additional processing power to do tens of thousands of tests per hour
·Run beSTORM longer to go deeper. Every module can deliver billions of tests. Establish high confidence that no vulnerability will be discovered in the field
"We are very impressed with beSTORM. One notable feature is its flexibility in adding new and proprietary protocols. We are actively expanding the usage of beSTORM in our overall
product portfolio as part of the standard security testing procedure." – Juniper Networks
beSTORM Modules
Dynamic testing of any protocol, file, hardware or communication standard
beSTORM Test Modules List Includes Protocols, Applications, Hardware, Files, Wifi and EDSA
beSTORM's complete list of protocol modules makes it the most versatile, commercially available, dynamic application testing solution. Used by governments, military and major equipment manufacturers for nearly a decade, it is now available and recommended for application and equipment manufacturers for the security testing and certification of their products.
With one tool it is now possible for QA engineers to accomplish fast, highly accurate, dynamic security testing. Arm your QA team with a single, easy to use, multi-protocol, well developed and well supported tool that bundles into one package all of the tests and attacks that it would take hundreds of unsupported, open source fuzzers to accompllish.
As a true black-box testing tool beSTORM requires no access to source code and little or no training on protocols to get started with dynamic security testing. Its 'Auto Learning' feature allows it to fuzz proprietary protocols as developed for aerospace, medical and manufacturing applications and equipment.
beSTORM Practical Applications
beSTORM in Use
Below are several tutorials that exemplify just a few of the practical testing applications of beSTORM. These step-by-step guides illustrate how simple and effortless vulnerability testing with beSTORM can be. If the testing of network hardware, protocols, or black-box software programs is a security necessity for you or your organization, please take a moment to examine these guides. The contents of this page are only a few examples of beSTORMs application. For a full list please visit : beSTORM Version Comparison.
Smart Fuzzing: Testing a PDF Application
·beSTORM, in addition to network and protocol testing, can also fuzz test file formats into their accepted applications.
·In this example, beSTORM will generate malformed PDF files which will then be tested in Adobe Acrobat via batch file.
Testing Hardware Firewalls with beSTORM
·Allows testing of IPv4 and IPv6 through Direct or Pass-Through testing modes.
·Also supports a variety of protocols: ARP, TCP, ICMP, UDP, HTTP and DHCP.
Testing HTTP with beSTORM
·Test with or without administrative access to HTTP server.
Testing SSL/HTTPS servers with beSTORM
·Test with or without administrative access to SSL/HTTPS server.
Testing IPSEC with beSTORM
·Test with or without administrative access to IPSEC server
Testing SSH with beSTORM
·Test with or without administrative access to SSH server.
Testing ICMP with beSTORM
·Test with or without administrative access to IMCP server.
Testing DLL / API with beSTORM
·Test with or without administrative access to dll server.