FAQ
API-penetration testing scanners are usually website-related APIs. beSTORM is a generic API testing application that includes but is not limited to web APIs...
Thu, 13 Jul, 2023 at 4:42 AM
Yes. As one example, if you enabled and then fuzzed jumbo packets (TCP) (which is not enabled by default on most OS systems), that would be a unique setup t...
Thu, 13 Jul, 2023 at 4:41 AM
Yes. However, it is not recommended as the number of tests per second would decrease because of authentication (considering the test duration may be long wi...
Thu, 13 Jul, 2023 at 4:45 AM
beSTORM's API fuzzer supports Postman, Swagger, and OpenAPI formats.
Thu, 13 Jul, 2023 at 4:48 AM
Payload types per field type as well as generic tests are conducted for all fields. Each are releated to web vulnerabilities (SQLi, XSS, Injection, etc.).
Thu, 13 Jul, 2023 at 4:50 AM
Yes. If you want to retest and you know the time the tests last ran, then you can return to them. To relaunch the tests and see all the attack vectors in th...
Wed, 27 Mar, 2024 at 12:52 PM
Yes. The CANBUS (Over PCAN) supports use with CAN and CANFD.
Thu, 13 Jul, 2023 at 4:59 AM
No. beSTORM expects you to send traffic to the beSTORM IP and not to the broadcast address. The beSTORM DHCP Server module does not support broadcast addres...
Thu, 13 Jul, 2023 at 5:05 AM
Yes. By default, TCP flags are not set. You can set and then “lock” the TCP values (for example, this method works for the TCPv4 module).
Thu, 13 Jul, 2023 at 5:19 AM
By default the flags are not set, you can set them and then “Lock” them to the value you want, this is assuming we are discussing he TCPv4 module. This also...
Thu, 13 Jul, 2023 at 5:28 AM