Codenomicon Releases Defensics X Fuzzing Platform

November 9, 2011

Tools

The new version of the security testing platform offers enhanced usability and better test coverage

OULU, Finland & SARATOGA, Calif.--(BUSINESS WIRE)-- Codenomicon, the leading vendor of proactive security testing solutions, today announced the release of Defensics X, the latest version of their security and robustness testing software. The major update introduces better coverage through infinite test case generation and usability enhancements on the user interface. Improved interoperability checks quickly adapt the tests to any test environment. Finally, new reporting functionality makes it faster to resolve all the discovered zero-day vulnerabilities.

Unknown zero-day vulnerabilities are problems that hide in software exposing them to zero-day attacks. Resolving them is the highest priority for software companies, device manufacturers and end-users such as enterprises, carriers and network operators. The new Defensics X is the answer to modern day security testing requirements. In addition to improved test coverage, Defensics X integrates feedback from hundreds of Defensics user organizations globally. These improvements provide enhancements to usability, test automation and reporting.

Obtaining the best possible test coverage is the key in effective fuzz testing. For effective unknown vulnerability management, the cyber defenders need to find all vulnerabilities hiding in software whereas hackers only need to find one to compromise the system. The more thorough the tests are, the more vulnerabilities the test automation software will find in software. With the introduction of unlimited tests, the new platform extends the usage to environments where more time is allocated for security tests.

"Unlimited test cases combine systematic tests from our model based test solutions with exponentially growing combinatory tests," says Rauli Kaksonen, Chief Architect of the Defensics platform.

While simple protocols and files are straight-forward to test, the challenges grow as the systems become more complicated. The new interoperability feature probes the target system to determine that the test tool understands its implemented features. This is especially useful in complex test setups in modern next generation networks. The interoperability feature also allows rapid introduction of fuzz testing to demanding domains such as LTE/IMS telecommunication systems and smart grid test setups.

"The new easy to use user interface with workflow based functionality and built-in interoperability checks, allows new testing professionals to quickly get up to speed with fuzzing," says Lauri Piikivi, Director of Engineering from Codenomicon.

Most security testing platforms require advanced security testing skills. Defensics aims to provide all the security know-how built into the test automation platform. The new Defensics user interface guides the user through every step of the testing process. Users can easily skip the test preparation phases they do not need. All past advanced features of Defensics are still available to those who need them.

"You don't need to be a security professional to use Defensics," says Ari Takanen, CTO of Codenomicon. "Any network engineer, system administrator or test automation professional can find zero-day vulnerabilities when armed with Defensics X," he continues.

Defensics X applies a systematic testing methodology. It tracks any found flaw back to the specific malicious input or attack that exposes the weakness. As flaws and weaknesses are revealed, Defensics captures the test results in explicit detail. Based on the results, the engineer can quickly diagnose and correct code failures. In addition, all Defensics-based tests can be fully repeated, making the platform ideal for regression testing and problem reproduction by trusted third parties.

Defensics overview is available at:

http://www.codenomicon.com/defensics/

Defensics X new features are explained at:

http://www.codenomicon.com/d10/

For more information, contact:

Ari Takanen, CTO, Codenomicon
Tel: +358-40-5067678 (EMEA and APAC)
Mary Ann Charters, Codenomicon
Tel: (408) 252-4000 (USA/Canada)
Email: info@codenomicon.com

About Codenomicon Ltd

Codenomicon develops security and quality testing software, which allows users to quickly find and identify both known and previously unknown flaws before business-critical products or services are deployed. Their unique, targeted approach to the fuzz testing of networked and mobile applications exposes more flaws and weaknesses than any other testing platform or methodology. Companies rely on Codenomicon's solutions to mitigate threats, like Denial of Service (DoS) situations and Zero-Day Attacks, which could increase liability, damage business reputation and cripple sales. Codenomicon is a member of the SDL Pro Network. For more information, www.codenomicon.com.