Codenomicon gets fuzzy on security testing

Fuzz testing – aka fuzzing - is a software testing technique that is usually automated or semi-automated and involves providing invalid, unexpected, or random data to the inputs of an application. The application is then monitored for exceptions such as crashes or failing built-in code assertions.

According to the Finnish IT security firm, obtaining the best possible test coverage is the key in effective fuzz testing and, for effective unknown vulnerability management, cyber defenders need to find all vulnerabilities hiding in software - whereas hackers only need to find one to compromise the system.

The more thorough the tests are, says Codenomicon, the more vulnerabilities the test automation software will find in software. With the introduction of unlimited tests, the firm adds, the new platform extends the usage to environments where more time is allocated for security tests.

The major update, the firm goes on to say, introduces better coverage through infinite test case generation and usability enhancements on the user interface, as well as speeding up the software’s ability to resolve all the discovered zero-day vulnerabilities.

Rauli Kaksonen, chief architect of the Defensics platform, says that the unlimited test cases facility within the testing software combines systematic tests from Codenomicon’s model-based test solutions with exponentially growing combinatory tests.

While simple protocols and files are straightforward to test, Kaksonen adds that the challenges grow as the systems become more complicated.

The new interoperability feature, he explained, probes the target system to determine that the test tool understands its implemented features.

This is especially useful in complex test set-ups in modern next generation networks and the interoperability feature also allows for rapid introduction of fuzz testing to demanding domains such as LTE/IMS telecommunication systems and smart grid test set-ups.

Ari Takanen, Codenomicon’s CTO, says that users don't need to be a security professional to use the Defensics platform.

“Any network engineer, system administrator or test automation professional can find zero-day vulnerabilities when armed with Defensics X", he explained.

What’s Hot on Infosecurity Magazine?