Using Mu Studio, we recently enabled one of our customers to do both functional and fuzz testing of their proxy/load-balancer (P/LB). This P/LB supports SSL termination, IPv6, Caching, Compression, WAN Acceleration & Optimization and a plethora of really cool features that enable high-volume cloud apps and web sites. What I want to talk about is our approach to testing complex products/deployments like these from both a functional and fuzz/security/resiliency testing perspective.
Archive for May 2010
Don’t use dumb packet-replay to test modern firewalls
I felt a Déjà vu moment today when one of our customers came to us asking if we can help them test Outlook Exchange traffic through their firewall with ALG and NAT turned on. They had tried to re-purpose bit-blasters, load generators, open-source and commercial packet replay tools only to find that nothing was working. Way back when I was building the IDP at OneSecure, my pre-screen interview question was this:
If you only had an [ any, any, tcp/21, allow ] rule in your packet filter, why wouldn’t FTP uploads/downloads work?
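The interview question turns on a property of FTP that is easy to state and easy to test: the endpoint of every data connection is negotiated inside the control channel, in the client's PORT command (active mode) or in the server's 227 reply to PASV (passive mode), as six decimal fields h1,h2,h3,h4,p1,p2 with port = p1*256 + p2. A filter that only matches tcp/21 never learns about those endpoints. An FTP ALG does, by parsing the control channel and opening a temporary pinhole for each negotiated data connection. The Python below is an added illustration, not code from the post or from Mu Studio; the two filter classes, the session lines and the 192.168.1.10 / 10.0.0.5 addresses are constructed for the example.

```python
"""Added example (not from the original post): why a tcp/21-only rule breaks FTP.

FTP carries the endpoint of each data connection inside the control
channel: 'PORT h1,h2,h3,h4,p1,p2' from the client (active mode) or
'227 ... (h1,h2,h3,h4,p1,p2)' from the server (passive mode), with
port = p1*256 + p2.  A packet filter that only matches tcp/21 never
admits the data connection; an FTP ALG parses the control channel and
adds a pinhole for the negotiated endpoint.  The filter classes below
are a small simulation constructed for illustration.
"""
import re
from dataclasses import dataclass

PORT_RE = re.compile(r"^PORT\s+(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\s*$")
PASV_RE = re.compile(r"^227\b.*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


def _endpoint(groups):
    """Turn the six decimal fields of PORT / 227 into (ip, port)."""
    h1, h2, h3, h4, p1, p2 = (int(g) for g in groups)
    if any(not 0 <= v <= 255 for v in (h1, h2, h3, h4, p1, p2)):
        raise ValueError("FTP endpoint field out of range")
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2


def parse_port_command(line):
    """Client -> server 'PORT h1,h2,h3,h4,p1,p2' (active mode)."""
    m = PORT_RE.match(line.strip())
    if not m:
        raise ValueError("not a PORT command")
    return _endpoint(m.groups())


def parse_pasv_reply(line):
    """Server -> client '227 Entering Passive Mode (h1,h2,h3,h4,p1,p2).'"""
    m = PASV_RE.match(line.strip())
    if not m:
        raise ValueError("not a 227 PASV reply")
    return _endpoint(m.groups())


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int


class StaticFilter:
    """The [any, any, tcp/21, allow] rule from the interview question."""

    def __init__(self, allowed_dports):
        self.allowed_dports = set(allowed_dports)

    def permits(self, flow):
        return flow.dport in self.allowed_dports


class FtpAlgFilter(StaticFilter):
    """Same rule, plus pinholes learned by inspecting the control channel."""

    def __init__(self, allowed_dports):
        super().__init__(allowed_dports)
        self.pinholes = set()  # (dst_ip, dst_port) of expected data connections

    def observe_control(self, line):
        """Feed one control-channel line; open a pinhole if it negotiates a data endpoint."""
        if line.upper().startswith("PORT "):
            self.pinholes.add(parse_port_command(line))  # server will connect to client
        elif line.startswith("227"):
            self.pinholes.add(parse_pasv_reply(line))    # client will connect to server
        return len(self.pinholes)

    def permits(self, flow):
        return super().permits(flow) or (flow.dst, flow.dport) in self.pinholes


def demo():
    """Constructed session: client 192.168.1.10, server 10.0.0.5 (sample addresses)."""
    client, server = "192.168.1.10", "10.0.0.5"
    control = Flow(client, server, 21)
    pasv_data = Flow(client, server, 50000)  # from '227 ... (10,0,0,5,195,80)'
    port_data = Flow(server, client, 1025)   # from 'PORT 192,168,1,10,4,1'

    plain = StaticFilter({21})
    alg = FtpAlgFilter({21})
    alg.observe_control("PORT 192,168,1,10,4,1")
    alg.observe_control("227 Entering Passive Mode (10,0,0,5,195,80).")

    return {
        "control_plain": plain.permits(control),
        "pasv_plain": plain.permits(pasv_data),
        "port_plain": plain.permits(port_data),
        "pasv_alg": alg.permits(pasv_data),
        "port_alg": alg.permits(port_data),
    }


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name:14} {'allow' if allowed else 'drop'}")
```

The static filter passes the control connection and drops both data connections; the ALG variant passes all three because it learned the endpoints from the control channel. With NAT in the path a real ALG also rewrites the address embedded in PORT and 227 lines, which is why a replayed capture does not exercise the firewall the way a live, stateful client does: the replayed bytes still carry the endpoint from the original session, so the pinhole the ALG opens never matches the replayed data connection.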
