Beyond Security Product presentation: beSTORM
Amit Shirolkar, Avi Electronics & Networks Pvt Ltd
www.AviElectronic.com | www.BeyondSecurity.com | www.SecuriTeam.com
About Beyond Security
• Provides vulnerability assessment & self-management solutions
• Enables continuous network, server, database & application security
• Operates SecuriTeam.com, the 2nd largest IT security portal (1.5 million page views/month)
• Privately held & profitable
• R&D office in Israel, sales offices in McLean, VA and Chicago, IL
• Sales via distribution channels in 16 countries
SecuriTeam.com - IT security portal
• Established in 1998 by Beyond Security's founders
• Trusted by hackers & security pros
• Provides a sustainable competitive advantage because Beyond Security learns about vulnerabilities first, directly from hackers
• 2.3 M unique visitors in 2004
• 1.5 M monthly page views
Intellectual Property
• Based on 5 years of ongoing R&D development
• Compiling a knowledgebase of 7,500 vulnerabilities & over 3,000 attack scripts
• Knowledge acquired from SecuriTeam.com since 1998
• Participated in security product reviews of some of the most well-known vendors
• Discovered and documented dozens of security holes by our own R&D team (see: http://www.securiteam.com/advisories/)
• Beyond Security knows vulnerabilities
What is a vulnerability?
• A security weakness in an application, operating system, network device or hardware
• This weakness can be exploited to cause harm
• Hundreds of vulnerabilities are uncovered every year; many of them are actively exploited
• With development cycles growing shorter, more vulnerabilities surface
• Detecting vulnerabilities during development is difficult
• Detecting them after development is costly
Fuzzing - a Quick Overview
From Wikipedia: Fuzz testing is a software testing technique. The basic idea is to attach the inputs of a program to a source of random data. If the program fails (for example, by crashing, or by failing built-in code assertions), then there are defects to correct. The great advantage of fuzz testing is that the test design is extremely simple, and free of preconceptions about system behavior.
Types of Fuzzing
There are two main types of fuzzers:
• Standalone tools - specifically designed for a single protocol; a non-generic fuzzer for protocols such as SNMP, SMTP, etc.
• Fuzzing framework - a generic fuzzer that supports adding additional protocols with ease
Types of Fuzzing - Continued
• Manual fuzzing: use a normal client/server, observe what happens, look for interesting data (size fields, ...), change some of this data, observe what happens
• Semi-automatic fuzzing: have a tiny script/program, do one run, see what happens
• Automatic fuzzing: use a script/program and iterate over a lot of possible outputs (can be an endless loop); just wait till something crashes
Enter SPIKE (1st Generation Fuzzing)
• SPIKE is a preliminary tool; unstable and finds nearly no vulnerabilities
• SPIKE deserves a lot of credit though, for it introduced Block-Based Protocol Analysis
2nd Generation Fuzzing
What is a 2nd generation fuzzer?
• Stable fuzzer - can run continuously for weeks or months
• Actually finds vulnerabilities
• Tests first in the ways that are likely to find results (80/20 - cover the 20% which is likely to find 80% of the problems)
• Tests with hundreds of thousands of attempts, equal to tens of millions
• Doesn't just "throw AAAAA's"
• Distributed fuzzing
• Discovers flaws that don't cause crashes but cause unexpected behavior
• Generates intricate sessions - connect, get something from the server, use it for the next session ...
• Supports output forms other than just sockets - e.g. files ...
What is beSTORM? 1/3
A unique approach to finding security holes during development:
• A 2nd generation fuzzer
• Finds vulnerabilities by actually trying the attacks and seeing if they were successful
• Tests at the network/protocol level
• Exhaustively tests the full test-space rather than focusing on a limited number of scenarios
• Stable and repeatable testing for security compliance checking
What is beSTORM? 2/3
beSTORM's strong points: it generates not just malformed packets but also malformed sessions, which include:
• Out-of-order sessions - the order in which the packets of a session are sent is reversed or "randomized"
• Overlapping sessions - the follow-up packet re-initiates, or uses different values than it should have
• Missing sessions - the session is never completed or properly closed
What is beSTORM? 3/3
beSTORM generates sessions containing:
• One or more malformed values inside the packet(s) - non-alphanumeric data where alphanumeric data is expected
• One or more malformed relationships between values inside the packet(s) - size, description, etc.
• Oversized values
• Undersized values
• Non-expected values - where a session number should have been written, non-relevant data is provided instead, such as the reuse of a previously closed session number
How Does beSTORM Work? 1/3
• beSTORM works by fuzzing protocols such as HTTP, SIP (VoIP), FTP, SMTP, etc.
• Practically every possible protocol combination is sent to the application - in some cases as many as 10^10 or more combinations
• Covers malformed requests as well as obscure protocol features
How Does beSTORM Work? 2/3
• A powerful monitor detects if even the slightest buffer overflow, format string, or similar problem occurred
• Runs automatically until the protocol is exhausted, trying the most probable combinations first
• beSTORM modules are built to recognize the protocols' inner workings and to know whether one value affects another
• This causes beSTORM to further test that value in relation to the other values
How Does beSTORM Work? 3/3
• You can define rules to exclude certain scenarios from occurring: don't overflow a certain value, don't try to send data in an out-of-order manner, etc.
• Each module has its own rules, which allow it to go through the more probable combinations first. For HTTP: overflow the URI, overflow the Host header, etc.
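The generation, rule and monitor ideas from the "What is beSTORM? 2/3 and 3/3" and "How Does beSTORM Work?" slides, as an added illustration that is not beSTORM code: malformed values (oversized, non-alphanumeric), a broken size relationship (Content-Length versus the real body), out-of-order and unterminated sessions, exclusion rules, and most-probable-first ordering, driven against a constructed toy parser whose own assertions stand in for the monitor. Every name, weight and the parser are constructed for this example.

```python
from dataclasses import dataclass
from typing import Callable, Dict, Iterator, List


@dataclass
class Case:
    name: str     # mutation strategy applied (constructed names)
    weight: int   # higher = more likely to find a bug, so tried first (80/20 idea)
    raw: bytes    # the request bytes that would be sent to the target


def base_request(uri: bytes = b"/index.html", host: bytes = b"example.test",
                 body: bytes = b"") -> bytes:
    """A well-formed request; every test case is a mutation of this."""
    head = [b"GET " + uri + b" HTTP/1.1", b"Host: " + host,
            b"Content-Length: " + str(len(body)).encode()]
    return b"\r\n".join(head) + b"\r\n\r\n" + body


def mutations() -> Iterator[Case]:
    """Malformed values, a broken size relationship, and malformed sessions."""
    yield Case("uri_oversized", 5, base_request(uri=b"/" + b"A" * 4096))
    yield Case("host_oversized", 4, base_request(host=b"h" * 2048))
    yield Case("host_non_alnum", 3, base_request(host=b"%n%n\x00\xff"))
    # relationship between values: Content-Length no longer matches the body
    req = base_request(body=b"x" * 8)
    yield Case("length_oversized", 4,
               req.replace(b"Content-Length: 8", b"Content-Length: 4294967295"))
    yield Case("length_undersized", 2,
               req.replace(b"Content-Length: 8", b"Content-Length: 1"))
    # out-of-order session: a header arrives before the request line
    yield Case("out_of_order", 1, b"Host: example.test\r\nGET / HTTP/1.1\r\n\r\n")
    # missing session: the request is never terminated
    yield Case("missing_terminator", 1, b"GET / HTTP/1.1\r\nHost: example.test")


Rule = Callable[[Case], bool]   # returns True when the case must be skipped


def plan(rules: List[Rule]) -> List[Case]:
    """Apply exclusion rules, then order so the likely finders run first."""
    kept = [c for c in mutations() if not any(rule(c) for rule in rules)]
    return sorted(kept, key=lambda c: -c.weight)


def toy_parser(raw: bytes) -> int:
    """Constructed target: its own assertions play the role of the monitor."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    assert sep, "request not terminated"
    request_line, *headers = head.split(b"\r\n")
    assert request_line.startswith(b"GET "), "first line is not a request line"
    fields = dict(h.split(b": ", 1) for h in headers)
    assert len(fields.get(b"Host", b"")) <= 255, "Host header too long"
    declared = int(fields.get(b"Content-Length", b"0"))
    assert declared == len(body), "Content-Length does not match body"
    return declared


def run(rules: List[Rule]) -> Dict[str, str]:
    """Drive every planned case through the target and record the outcome."""
    results: Dict[str, str] = {}
    for case in plan(rules):
        try:
            toy_parser(case.raw)
            results[case.name] = "ok"
        except (AssertionError, ValueError) as exc:
            results[case.name] = f"FAIL: {exc}"
    return results


if __name__ == "__main__":
    # a rule in the spirit of "don't overflow the Host header"
    for name, outcome in run([lambda c: c.name == "host_oversized"]).items():
        print(f"{name:18} {outcome}")
```

A real monitor watches the target process (crashes, assertion failures, unexpected replies) rather than catching exceptions in-process; the exclusion rule shows how a scenario is removed from the plan without touching the generator.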
beSTORM at Work
The following screenshot illustrates a malformed HTTP packet: as can be seen, more than one segment of the packet is malformed.
beSTORM Eliminates Vulnerabilities
The only technology to search for and find security holes:
• During development
• Without requiring the source code
• In a methodical way that can be reproduced
• Designed to be used by developers or QA personnel
Competition
Source-code audit tools:
• Very high false-positive rate
• Not scalable
• Do not always integrate well with the source-versioning applications used by customers
• Cannot be used for certification/formal validation
Consultants (home-made tools):
• Manual checks
• Expensive
• Cannot be done on a frequent basis
• Require disclosing possibly sensitive information to a 3rd party
IIS Case Study
• When testing Microsoft's IIS web server, beSTORM detected the first buffer overflow vulnerability after only 4 ½ minutes
• During those 4 ½ minutes, 160,000 attack combinations were tested
• The buffer overflow was pinpointed and can be reproduced
• The vulnerability leads to remote compromise of the machine running IIS
ISA Case Study
• When testing Microsoft's ISA server, beSTORM detected the first logging error vulnerability after only 10 minutes
• During those 10 minutes, 500,000 attack combinations were tested
• The logging error was pinpointed and reproduced by Microsoft; an advisory is in the process of being released
• The vulnerability allows attackers to corrupt the ISA server's log file with arbitrary characters that are normally filtered out
Aladdin Case Study - Security leader turns to Beyond Security for security validation
• Aladdin Knowledge Systems (ALDN) uses beSTORM to perform a security audit of their eSafe email content security solution, to confirm their product is free from vulnerabilities or security weaknesses
• beSTORM's SMTP module contains over 500,000 attack combinations
Aladdin Case Study - Security leader turns to Beyond Security for security validation
"Beyond Security's vulnerability audit confirms... eSafe 4 offers our customers a virtually impregnable defense against email-based security threats."
- Shimon Gruper, EVP Internet Technologies, Aladdin Knowledge Systems
Clients & Partners
Be Storm - Automated Application/Software Vulnerability Testing


Editor's Notes

• #25: A new huge hole every 6-9 months