[Dailydave] From blackbox to grey-box during Web App tests
J.M. Seitz
lists at bughunter.ca
Fri Oct 12 10:54:34 EDT 2007
> PaiMei and BinNavi are fuzzer trackers, as I explained. gcov
> is more of a basic line coverage tool, isn't it? See:
> http://bullseye.com/coverage.html
I can't speak for BinNavi, but PaiMei isn't just a fuzzer tracker, code
coverage is useful from an RE perspective as well if you are trying to hone
in on particular pieces of logic within a binary. DeMott's EFS relies
heavily on PaiMei's code coverage abilities to determine fitness for its
fuzzing runs, that's just an example.
Gcov is a whitebox code coverage tool, and there are some interesting tools
from Compuware that integrate directly into your VS 2005 environment to give
you code coverage metrics.
I guess I am not too sure how useful that Tracer is, the more I have thought
about it, the more I like Dave's idea of having a filter on the running
server (database), that captures all SQL queries that made it into the
server, and reporting the results back that match an injection. To take this
a step further you could also hook into the application server itself and
hook file creation, process creation, etc.
JS
More information about the Dailydave
mailing list