FAQ

API fuzzing: How does beSTORM differ from API-penetration testing by scanners and DAST tools?
API-penetration testing scanners usually target website-related APIs. beSTORM is a generic API testing application that includes but is not limited to web APIs...
Thu, 13 Jul, 2023 at 4:42 AM
If we build embedded systems using protocol stacks from well-known vendors, is fuzz testing still helpful?
Yes. As one example, if you enabled and then fuzzed jumbo packets (TCP), which are not enabled by default on most operating systems, that would be a unique setup t...
Thu, 13 Jul, 2023 at 4:41 AM
Does beSTORM's API fuzzer perform login authentication based on auth methods (OAuth2, JWT tokens, cookies)?
Yes. However, it is not recommended as the number of tests per second would decrease because of authentication (considering the test duration may be long wi...
Thu, 13 Jul, 2023 at 4:45 AM
What API definition formats are supported with the API fuzzer?
beSTORM's API fuzzer supports Postman, Swagger, and OpenAPI formats.
Thu, 13 Jul, 2023 at 4:48 AM
How are payloads generated by the API fuzzer in beSTORM?
Payload types per field type, as well as generic tests, are conducted for all fields. Each is related to web vulnerabilities (SQLi, XSS, Injection, etc.).
Thu, 13 Jul, 2023 at 4:50 AM
Is it possible to only run certain parts of the fuzzing module?
Yes. If you want to retest and you know the time the tests last ran, then you can return to them. To relaunch the tests and see all the attack vectors in th...
Wed, 27 Mar, 2024 at 12:52 PM
Is it possible to use the CANBUS (Over PCAN) module for CAN and CAN-FD?
Yes. The CANBUS (Over PCAN) module supports use with CAN and CAN-FD.
Thu, 13 Jul, 2023 at 4:59 AM
DHCP server module fuzzing: Can I send traffic to the broadcast address?
No. beSTORM expects you to send traffic to the beSTORM IP and not to the broadcast address. The beSTORM DHCP Server module does not support broadcast addres...
Thu, 13 Jul, 2023 at 5:05 AM
Can I change TCP flags?
Yes. By default, TCP flags are not set. You can set and then “lock” the TCP values (for example, this method works for the TCPv4 module).
Thu, 13 Jul, 2023 at 5:19 AM
Can I make a host dynamic?
By default, the flags are not set; you can set them and then “Lock” them to the value you want. This assumes we are discussing the TCPv4 module. This also...
Thu, 13 Jul, 2023 at 5:28 AM