[fuzzing] Commercial Fuzzers

J. M. Seitz jms at bughunter.ca
Wed Mar 21 14:42:08 CDT 2007


I do know that Codenomicon allows you to do a free trial for a time. No
offense to anyone on the list; I didn't feel that it was a great fuzzer, and
frankly I wrote a comparable one in Python (w/Peach) in a few hours. The
particular one that I tried was for HTTP. As well, there is a company that
builds a fuzzing appliance, but the name eludes me currently.

The problem with these tools is that they are ridiculously expensive; you are
better off hiring someone as a contract programmer to develop your own
fuzzer that will do EXACTLY what you want, with the instrumentation you
need. I am willing to bet that the costs will be lower (worst case the same)
and you will be using something that does what you and your QA/security team
need.

Anyone have any other thoughts? 

JS 

-----Original Message-----
From: Jared DeMott [mailto:demottja at msu.edu] 
Sent: Wednesday, March 21, 2007 10:37 AM
To: Tom Keetch
Cc: fuzzing at whitestar.linuxbox.org
Subject: Re: [fuzzing] Commercial Fuzzers

Tom Keetch wrote:
> Hey,
>
> I'm looking to see what people think of current commercial fuzzers, 
> are they worth the money? Are they too hard to use? What features do they
> lack?
>
> Be grateful for any input,
>   
Great question.  I've been wanting to do a commercial fuzzer
survey/comparison for a long time, but I've had two problems:
1.) No time currently
2.) They cost money

Any vendors out there have suggestions on how we might solve these two
problems?

> Many Thanks,
>
> Tompsci
> _______________________________________________
> fuzzing mailing list
> fuzzing at whitestar.linuxbox.org
> http://www.whitestar.linuxbox.org/mailman/listinfo/fuzzing
>
>
>   
