Codenomicon release its Universal Fuzzer, a fuzz testing solution that combines heuristics and multiple fuzzers with a graphical user interface, automated test executions and reporting features.
“Hackers use fuzzing to find unknown, zero-day vulnerabilities, which they exploit with corrupt files and protocol attacks to attack corporate networks,” says Ari Takanen, CTO of Codenomicon. “These attacks are difficult to block, but by fuzzing their software proactively companies and software vendors can get rid of vulnerabilities, before hackers have a chance to exploit them.”
The Universal Fuzzer can be used to test everything that can be presented in a file format, such as image files, captured protocol messages, text documents and wireless frames. It creates test cases from sample files, such as pdf-documents, media files and protocol files.
Unlike most file format fuzzers, which perform random mutation, the Universal Fuzzer uses heuristics to determine the structure of the sample files, thus it is able to generate more intelligent, targeted test cases and discover more vulnerabilities. The coverage of the tests is further improved by combining the abilities of 15 different fuzzers.
The Universal Fuzzer is an easy and flexible solution for performing fuzzing. It does not require any protocol specific customization. Test cases are automatically generated from sample template files.
The Codenomicon’s Defensics graphical user interface, automated test generation, execution and the reporting features make it easy to test with 15 fuzzers simultaneously. After the tests run, the user simply clicks on a link in the report to reproduce found vulnerabilities.
The release of Universal Fuzzer completes Codenomicon’s portfolio of all-purpose fuzzers. With the Codenomicon XML and Traffic Capture Fuzzers, users have already been able to test any XML application or communication protocol.
Now with the arrival of the Universal Fuzzer users can test all types of software. This is good news for companies testing to ensure that the security and robustness of their client-side systems and security solutions are safe.