Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 21 May 2015 13:50:54 +0200
From:      Polytropon <freebsd@edvax.de>
To:        Matthias Apitz <guru@unixarea.de>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: looking for software to harden TCP/IP client-server application
Message-ID:  <20150521135054.87c97a4e.freebsd@edvax.de>
In-Reply-To: <20150521060204.GA2203@c720-r276659>
References:  <20150521060204.GA2203@c720-r276659>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
On Thu, 21 May 2015 08:02:04 +0200, Matthias Apitz wrote:
> 
> Hello,
> 
> I'm working for a company which develops since "ages" a client-server
> application: Windows/UNIX Java or Perl written clients are connecting to
> defined TCP ports where C/C++ written servers are doing LISTEN and serving the
> connecting clients. The designed protocol is human readable and an
> example is in clear text (normally SSL is used to protect the
> data against network sniffing) here: http://www.unixarea.de/slnp.txt
> 
> What I'm looking for is some (hopefully FreeBSD) software to harden the
> server side against attacks of all kind of buffer overflow, SQL injection,
> etc.
> 
> Any ideas?

Fuzzing tools are the first things I would think of. Because
this is _not_ a web application, tools designed to harden
web-based systems probably don't work here (Burp Suite, for
example).

The ports collection has security/fuzz, security/fuzzdb, and
security/honggfuzz. AFL is also worth lookin at - try if it
compiles on FreeBSD (it's a Linux program). Here's the source:

http://lcamtuf.coredump.cx/afl/



-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?20150521135054.87c97a4e.freebsd>