beSTORM Product Line
beSTORM is sold by 'seat' and by range of protocols, servers, transport layers and files
Description |
beSTORM Trial |
beSTORM Professional |
beSTORM Web Applications |
General Purpose Fuzzer | ![]() |
![]() |
N/A |
Network Protocol Fuzzing | ![]() |
![]() |
N/A |
DLL / API Fuzzing | ![]() |
![]() |
N/A |
ActiveX Fuzzing | ![]() |
![]() |
N/A |
Client side Network fuzzing | ![]() |
![]() |
N/A |
File fuzzing | Partial | ![]() |
N/A |
80-20 approach to finding vulnerability: 4 levels of testing on the protocols (known vulnerabilities, simple implementation, full RFC (+extension) implementation, and quirks (Special cases in special products). | Partial | ![]() |
![]() |
Development Language independent | ![]() |
![]() |
![]() |
Does not require source code | ![]() |
![]() |
![]() |
Linux/Unix and Windows support | Only Windows | ![]() |
![]() |
Supports predefined protocols Low-level Network:
|
![]() |
![]() |
N/A |
Integrated tests for known vulnerabilities with full information from CVE | ![]() |
![]() |
![]() |
Reproducible tests | ![]() |
![]() |
![]() |
Easily export test case to Perl scripts and generate binary data of tests | ![]() |
![]() |
![]() |
Supports binary protocols | ![]() |
![]() |
![]() |
Session based protocols | ![]() |
![]() |
![]() |
Standard encryption support | ![]() |
![]() |
![]() |
Intelligent module structure (Supporting length/offset dependencies, element counters, duplications, encoders etc.) | ![]() |
![]() |
![]() |
High throughput and speed. Supports specifying the optimal connection to a specific server. | ![]() |
![]() |
![]() |
Easily adaptable to a new testing environment | ![]() |
![]() |
![]() |
Hands free testing (ability to automatically stop and restart the test according to monitored results). | ![]() |
![]() |
![]() |
Batch mode support (auto-resume testing upon crash) | ![]() |
![]() |
![]() |
Custom Module support - build your own proprietary modules for in-house protocols, extensions, file formats and API definitions | ![]() |
![]() |
![]() |
Tailored attack types (sql injection, cross site scripting, format string, add your own) | ![]() |
![]() |
![]() |
Add External DLL calls to your modules (special encryption, file/net operation, custom libraries) | ![]() |
![]() |
![]() |
Custom vulnerability detection support | ![]() |
![]() |
![]() |
Buffer overflow attacks | ![]() |
![]() |
![]() |
Integer overflows / underflows attacks | ![]() |
![]() |
N/A |
Format string attacks | ![]() |
![]() |
N/A |
Null byte attacks | ![]() |
![]() |
N/A |
Buffer poisoning attacks | ![]() |
![]() |
![]() |
Off-by-one attacks | ![]() |
![]() |
N/A |
Malformed encoding attacks | ![]() |
![]() |
![]() |
Extended functionality to modules through standard win32 api, openssl, Unix | ![]() |
![]() |
![]() |
Bookmarks - allows to go back in time to previous tests and regenerate scenarios | ![]() |
![]() |
![]() |
Advanced optimization - allowing faster results by focusing tests on prime subset of tests | ![]() |
![]() |
![]() |
Supports IPv6, IPv4 | IPv4 only | ![]() |
![]() |
Auto Learn - Wizard to build new modules (of any type) | ![]() |
![]() |
![]() |
"Packet capture to beSTORM module" converter (to easily create a beSTORM custom module) | ![]() |
![]() |
![]() |
Graphical representation of module and attack vectors | ![]() |
![]() |
![]() |
Automatically control speed testing settings from monitor | ![]() |
![]() |
![]() |
Change test cases/order depending on result | ![]() |
![]() |
![]() |
Monitoring tool to examine tested application | ![]() |
![]() |
![]() |
Ability to implement your own monitor and integrate with beSTORM Client | ![]() |
![]() |
![]() |
gdb integration | ![]() |
![]() |
![]() |
Ollydbg integration | ![]() |
![]() |
![]() |
WinDBG integration | ![]() |
![]() |
![]() |
beSTORM Monitor |
|||
Linux/Unix and Windows support | ![]() |
![]() |
![]() |
Both console and Windows GUI versions | ![]() |
![]() |
![]() |
Auto-starts tested application in case of crash | ![]() |
![]() |
![]() |
Catches exceptions | ![]() |
![]() |
![]() |
Catches buffer overflows | ![]() |
![]() |
![]() |
Catches buffer overruns | ![]() |
![]() |
![]() |
Reports on cpu/memory usage | ![]() |
![]() |
![]() |
Parses log files | ![]() |
![]() |
![]() |