KBTAG: kben10000083
URL: http://www.securityportal.com/lskb/10000050/kben10000083.html
Date created: 17/07/2000
Date modified: 10/06/2000
Date removed:
Author(s): Kurt Seifried seifried@securityportal.com
Topic: Testing software for security problems
Keywords: Software
There are a variety of common errors programmers make that leave software vulnerable to attacks. There are also tools to help find these problems and show the existence of other issues.
fuzz
Written by Ben Woodward, fuzz is a semi-intelligent program that feeds garbage, random, and other pseudo-hostile inputs to a program and watches how it reacts (i.e. does it dump core and have a heart attack?). fuzz is available from: http://fuzz.sourceforge.net.
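A small harness in the spirit of the description above, added here as an example (it is not fuzz's own code): it feeds random byte strings to a program's standard input and records the runs that die on a signal or hang. The target command, the function names and the seed are constructed for illustration.

```python
import random
import signal
import subprocess
import sys

# Constructed stand-in for the program under test: it aborts (SIGABRT, the
# "dump core" case) whenever its standard input contains a NUL byte.
TARGET = [sys.executable, "-c",
          "import os, sys\n"
          "if b'\\x00' in sys.stdin.buffer.read(): os.abort()\n"]

def make_input(rng, max_len=64):
    """One pseudo-hostile input: 1..max_len-1 random bytes."""
    return bytes(rng.randrange(256) for _ in range(rng.randrange(1, max_len)))

def run_once(cmd, data, timeout=5):
    """Feed data on stdin and classify the run: ok, exit, signal or hang."""
    try:
        proc = subprocess.run(cmd, input=data, timeout=timeout,
                              stdout=subprocess.DEVNULL,
                              stderr=subprocess.DEVNULL)
    except subprocess.TimeoutExpired:
        return ("hang", None)
    if proc.returncode < 0:  # POSIX: child was killed by signal -returncode
        return ("signal", signal.Signals(-proc.returncode).name)
    return ("ok", 0) if proc.returncode == 0 else ("exit", proc.returncode)

def fuzz(cmd, runs=20, seed=1):
    """Run cmd on `runs` random inputs; keep the ones that crash or hang."""
    rng = random.Random(seed)  # fixed seed so a finding can be reproduced
    findings = []
    for i in range(runs):
        data = make_input(rng)
        kind, detail = run_once(cmd, data)
        if kind in ("signal", "hang"):
            findings.append((i, kind, detail, data))
    return findings

if __name__ == "__main__":
    for i, kind, detail, data in fuzz(TARGET):
        print(f"run {i}: {kind} {detail} input={data!r}")
```

Keeping the seed and the offending input with each finding is what lets a crash be replayed against a fixed build to confirm the fix.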
ITS4
ITS4 looks for a variety of common problems; you can get it at: http://www.cigital.com/its4/.
Pscan
Another software scanner, similar to ITS4.
http://www.striker.ottawa.on.ca/~aland/pscan/
BFBTester
Not available for Linux yet, but should be ported soon.