Title: Testing software for security problems

KBTAG: kben10000083
URL: http://www.securityportal.com/lskb/10000050/kben10000083.html
Date created: 17/07/2000
Date modified: 10/06/2000
Date removed:
Author(s): Kurt Seifried seifried@securityportal.com
Topic: Testing software for security problems
Keywords: Software

Summary:

There are a variety of common errors programmers make that leave software vulnerable to attacks. There are also tools to help find these problems and show the existence of other issues.

More information:

fuzz

Written by Ben Woodward, fuzz is a semi-intelligent program that feeds garbage, random, and other pseudo-hostile inputs to a target program and sees how that program reacts (i.e. does it dump core and have a heart attack?). fuzz is available from: http://fuzz.sourceforge.net.

ITS4

ITS4 will look for a variety of common problems; you can get it at: http://www.cigital.com/its4/.

Pscan

Another software scanner, similar to ITS4.

http://www.striker.ottawa.on.ca/~aland/pscan/

BFBTester

Not available for Linux yet, but should be ported soon.

http://my.ispchannel.com/~mheffner/bfbtester/