BreakingPoint Labs

Bringing Clarity to Application Fuzzing

Application fuzzing is a critical element in any test scenario, and it is a topic we have brought up here on the blog several times, generating great interest throughout the industry. With that in mind, I was excited to read the latest “how-to” guide from BreakingPoint Labs’ Sean Bradly. This in-depth guide details how to use the application fuzzing and BlockFuzzer functionality within BreakingPoint Elite. As Sean writes in the paper, "...fuzzing has long been a part of any security auditor’s handbook. However, it is also a terrific tool to use during the QA process since application fuzzing, through providing malicious or malformed data packets, can quickly determine performance issues and reveal bugs."

Sean’s tech brief is one of several we are developing that go into more depth on different testing functionality within BreakingPoint Elite. As you remember, Dustin D. Trammell and Todd Manning took a deep dive into simulating Distributed Denial of Service (DDoS) attacks a few weeks back, and next week we will be publishing several additional security and application protocol briefs.

Head on over to download Sean’s paper and start fuzzing.

1 comment
Tags: blog post // application protocol fuzzing //

Botnet SQL Injection

Posted by Gunter Ollmann at 2009-06-11 12:52
I'd be interested in hearing how you would expect applications to hold up to botnet-based SQL Injection? Since it's a hybrid attack - with the SQLi coming in from multiple sources in an attempt to enumerate the application's database - it kind of crosses territory into DDoS in some ways, yet manages to slip under certain threshold-based detection criteria.

Some historical/observational analysis of the vector is over here -- http://technicalinfodotnet.blogspot.com/2009/06/bonet-sql-injection-conficker.html
