Automated penetration testing tools

Codenomicon released a toolkit for automated penetration testing which eliminates unnecessary ad-hoc manual testing. The required expertise is built into the tools making efficient penetration testing available for all. The new solution makes fuzzing an affordable solution for consultants.

When conducted manually, penetration testing requires substantial knowledge of the systems that are tested. Thus, most penetration testers only feel comfortable testing web applications. Codenomicon’s penetration testing solution utilizes a unique fuzz testing technique, which learns the tested system automatically enabling penetration testers to enter new domains such as VoIP assessment or to start testing industrial automation solutions and wireless technologies. Test automation increases the test coverage of penetration tests.

One of the key components of the penetration testing solution is the Network Analyzer, which enables you to map real network traffic and to determine what really needs to be tested. It automates the work-flow for threat analysis and attack surface analysis. Thus, you can target your tests and reduce test run times without compromising test coverage.

The penetration kit is an adjustable package with flexible project-based licensing, answering your changing penetration testing needs. The test suite package contains a combination of systematic model-based fuzzers, which best suit your current testing needs. In addition, the Defensics Traffic Capture and XML Fuzzers enable you to test any protocol or XML application.

“You don’t need to be an expert to use Codenomicon solutions such as Defensics fuzzers or our Network Analyzer” says Ari Takanen, CTO of Codenomicon. “But professional security testers will also benefit from our new tools. The tools quickly find around 95% of easy flaws allowing specialists to focus on vulnerabilities that are harder to find.”