beStorm Speeds Up Bug Discovery In Applications

NORTHBROOK, IL, June 25, 2007 - Beyond Security is using a common hacker technique to help software developers and testers weed out glitches in applications that could later become the target of exploits.

The idea behind the technique, called "fuzzing," is to take a certain request—between a Web browser and server, for example—and modify it so that it's slightly different from what one side expects. Although time-consuming, fuzzing can yield interesting results that point to security vulnerabilities, causing servers to crash or applications to provide access to unauthorized users, said Aviram Jenik, CEO of Beyond Security.

With beStorm 2.0, Beyond Security is introducing 'smart' black-box testing, which begins by fuzzing a small group of known attack vectors in order to speed up the process of finding the majority of undiscovered vulnerabilities, Jenik said.

"This method can give you an idea or metric to measure what your risks are. You can run the test inside an hour to give you a rough idea of what vulnerabilities exist," Jenik said.

The technique is especially suited to testing devices with limited processing power such as printers and VoIP phones, he added.

Once this initial phase is completed, beStorm then attempts to fuzz every combination within a protocol in order to find unknown vulnerabilities, Jenik said. For example, with FTP, there are 10 million testing scenarios that are valid within the protocol, he said. "You're not drilling for oil, but covering the whole area and checking the whole application, which is what you want if you're the 'good guy' and want to uncover all vulnerabilities," Jenik said.

Brandon Buhai, COO at Beyond IP, a Chicago-based solution provider, said Beyond Security has built a lot of automation into its technology, but not at the expense of accuracy. "At the end of the day, you're able to eradicate all vulnerabilities and stop things like backdoors and intruders from getting on the network," he said.

Beyond Security currently packages beStorm as Windows server software but plans to eventually target VARs and integrators with a plug-and-play appliance, Jenik said. "You could plug in particular protocols or applications you wanted to test, and this could become part of the life-cycle management of the various protocol tests that you run," he said.

About Beyond-IP, LLC

For organizations concerned about regulatory compliance or dissatisfied with the network security audit services provided by their consulting firms, Beyond-IP provides an Automated Vulnerability Management Appliance that provides a higher quality, lower cost network vulnerability assessment and management than any other alternative. The Automated Vulnerability Management Appliances performs a security mapping of your network and simulates attacks originating from either the internal or the external network. Once the security scanning is complete, the software generates a detailed vulnerability report specifying the security breaches, along with practical solutions to fix those vulnerabilities. Beyond-IP’s solutions allow simplified measurement, monitoring and management of vulnerabilities over time. To learn more, visit www.beyond-ip.com.

About Beyond Security

Beyond Security is a leading provider of security assessment technologies. Beyond Security specializes in developing solutions for network security, providing detection and prevention tools. Solutions include internal network, external network and product security audits. Beyond Security owns and administers the world’s largest independent security portal -- SecuriTeam.com. This portal gives security professionals from around the world critical information on new security threats and vulnerabilities, and it provides background data, fixes, patches and workarounds to identified threats, 24 hours a day, 365 day a year, making it one of the most comprehensive security resources in the world. SecuriTeam currently receives over one million unique page impressions per month from security professionals worldwide and it contains over 6,500 pages of linked. To learn more, visit www.SecuriTeam.com

Contact for Beyond-IP, LLC

Ben Bradley
ben@maconraine.com
630-221-9844