New fuzzing platform from Codenomicon

Codenomicon released Defensics X, the latest version of their security and robustness testing software.

The update introduces better coverage through infinite test case generation and usability enhancements on the user interface. Improved interoperability checks quickly adapt the tests to any test environment. Finally, new reporting functionality makes it faster to resolve all the discovered zero-day vulnerabilities.

Unknown zero-day vulnerabilities are problems that hide in software exposing them to zero-day attacks. Resolving them is the highest priority for software companies, device manufacturers and end-users such as enterprises, carriers and network operators.

The new Defensics X is the answer to modern day security testing requirements. In addition to improved test coverage, Defensics X integrates feedback from hundreds of Defensics user organizations globally. These improvements provide enhancements to usability, test automation and reporting.

For effective unknown vulnerability management, the cyber defenders need to find all vulnerabilities hiding in software whereas hackers only need to find one to compromise the system. The more thorough the tests are, the more vulnerabilities the test automation software will find in software. With the introduction of unlimited tests, the new platform extends the usage to environments where more time is allocated for security tests.

While simple protocols and files are straight-forward to test, the challenges grow as the systems become more complicated. The new interoperability feature probes the target system to determine that the test tool understands its implemented features. This is especially useful in complex test setups in modern next generation networks.

The interoperability feature also allows rapid introduction of fuzz testing to demanding domains such as LTE/IMS telecommunication systems and smart grid test setups.

“The new easy to use user interface with workflow based functionality and built-in interoperability checks, allows new testing professionals to quickly get up to speed with fuzzing,” says Lauri Piikivi, Director of Engineering from Codenomicon.

Most security testing platforms require advanced security testing skills. Defensics aims to provide all the security know-how built into the test automation platform. The new Defensics user interface guides the user through every step of the testing process. Users can easily skip the test preparation phases they do not need. All past advanced features of Defensics are still available to those who need them.

“You don’t need to be a security professional to use Defensics,” says Ari Takanen, CTO of Codenomicon. “Any network engineer, system administrator or test automation professional can find zero-day vulnerabilities when armed with Defensics X,” he continues.

Defensics X applies a systematic testing methodology. It tracks any found flaw back to the specific malicious input or attack that exposes the weakness. As flaws and weaknesses are revealed, Defensics captures the test results in explicit detail.

Based on the results, the engineer can quickly diagnose and correct code failures. In addition, all Defensics-based tests can be fully repeated, making the platform ideal for regression testing and problem reproduction by trusted third parties.