Re: Looking for a fuzzer/source code analyzer on customer developed code



Dunno if it's what you really need, but I had the same need
some time ago.
I solved it with a script that put many bash scripts in parallel
(in Linux, of course) that used netcat, dd and a small implementation
of the Mersenne Twister random number generator
(http://www.emcy.it/wiki/doku.php?id=prod:produzioni_minori#mtrng)
since /dev/random was not strong/fast enough.

Just fire the generator, put it in a pipe with dd if you want to limit the
amount of data with the count parameter, then pipe to netcat to
connect it to your server.

Hope it helps

=M=


2008/3/17, sudhakar@xxxxxxxxxxxxxxxx <sudhakar@xxxxxxxxxxxxxxxx>:


Hi all,

I am looking for a good fuzzer, against some custom code developed
internally. I am looking for a tool to stress test application by:

- open many network connections to application
- throw random data to applications to get them to crash
- fuzz web services


The idea is to add a quality gate for developers before they push code out.

Does anyone have any ideas on how to approach the problem? Any source code
analyzer out there to do this?


Thanks in advance for your ideas.


Regards,
--Sudhakar



------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------
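
The pipeline described in the reply above (random generator, size cap via dd's count parameter, netcat, many in parallel), as an added example that is not part of the original thread. It assumes /dev/urandom as the data source in place of the poster's Mersenne Twister tool, an nc that supports -w, and hypothetical function names; each payload is saved to disk before sending so a case that takes down your test instance can be replayed.

```shell
#!/bin/sh
# Added example, not from the original post. Point it only at a test
# instance of your own application (the pre-release quality gate case).
# Assumptions: /dev/urandom as generator, nc with -w timeout support,
# hypothetical names make_payload / send_payload / run_case / fuzz_parallel.

OUT_DIR=${OUT_DIR:-./fuzz-cases}

# Write BLOCKS KiB of random data to FILE; dd's count caps the size.
make_payload() {
    dd if=/dev/urandom of="$1" bs=1024 count="$2" 2>/dev/null
}

# Send one saved payload FILE to HOST PORT. The 5 s timeout keeps hung
# connections from piling up when the service stops answering.
send_payload() {
    nc -w 5 "$2" "$3" < "$1" > /dev/null 2>&1
}

# One case: generate, save, send, then log "id status file".
# "failed" means nc could not connect or timed out: check whether the
# service is still alive and replay the most recent case files.
run_case() {
    id=$1 host=$2 port=$3 blocks=$4
    file="$OUT_DIR/case-$id.bin"
    make_payload "$file" "$blocks" || return 1
    if send_payload "$file" "$host" "$port"; then status=sent; else status=failed; fi
    echo "$id $status $file" >> "$OUT_DIR/results.log"
}

# Run JOBS cases in parallel against HOST PORT, each BLOCKS KiB in size.
fuzz_parallel() {
    host=$1 port=$2 jobs=$3 blocks=$4
    mkdir -p "$OUT_DIR"
    : > "$OUT_DIR/results.log"
    i=1
    while [ "$i" -le "$jobs" ]; do
        run_case "$i" "$host" "$port" "$blocks" &   # each case in its own subshell
        i=$((i + 1))
    done
    wait
}

# Usage: sh fuzz.sh HOST PORT JOBS BLOCKS   e.g. sh fuzz.sh 127.0.0.1 8080 20 64
if [ "$#" -eq 4 ]; then fuzz_parallel "$@"; fi
```

To replay a logged case, feed its saved file back through nc by hand, for example `nc -w 5 HOST PORT < fuzz-cases/case-7.bin`.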





