Endpoint
10/6/2010
03:15 PM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%

Codenomicon Tools For High Speed Fuzzing

Vendor releases whitepaper reporting the findings of its performance test study

*OULU, FINLAND and CUPERTINO, CA, USA - October 6th, 2010 - *Codenomicon, a leading vendor of application security testing solutions, released a whitepaper today reporting the findings of its performance test study. The study, conducted to evaluate the suitability of the model-based fuzzing tools for high-speed software operability testing, revealed that the DEFENSICS(tm) fuzzers not only enable high-speed robustness testing, but also allow for fully scalable performance testing, when run on high-end hardware, such as the Dell(tm) PowerEdge R910 server.

"One of the most important aspects of fuzzing is how fast you can execute test cases", says Dr. Charlie Miller, principal analyst from Independent Security Evaluators. "The faster you can execute test cases, the more test cases you can run and the more vulnerabilities you will find."

According to Codenomicon, in high performance test setups, Codenomicon customers often chose to run their DEFENSICS software on Dell hardware. The tests conducted as a part of this study were also run on Dell hardware. Running DEFENSICS test tools on the Dell PowerEdge R910 platform generated more than 15.000 fuzz tests per second for the HTTP protocol running over TCP, and more than 40.000 tests per second for the DNS protocol running over UDP. The reliability and scalability of the Dell PowerEdge R910 server make it an excellent choice for software testing environments. It is also a cost effective solution for improving test throughput and result delivery.

*Increased performance decreases costs and improves reliability *

Negative software testing techniques like fuzzing use misuse cases to test software operability. Hundreds if not thousands of misuse cases need to be created for every software use case, which easily results in millions of test cases. This makes testing speed and performance crucial. Often test case generation and execution is limited by hardware resource constraints of the testing platform. DEFENSICS is a software-based solution and its performance can be scaled up simply by increasing the hardware resources. With modern state-of-the-art hardware, like the Dell PowerEdge R910 rack servers, the DEFENSICS test tools can generate thousands of sequences per second. The enhanced testing capabilities also allow for more complex anomalies to be used in security tests, which improve both test coverage and confidence in the results.

Codenomicon DEFENSICS supports more than 200 industry standard protocols. The DEFENSICS tools are designed for robustness testing, but the released study shows that they are also highly suitable for performance and load testing: by running DEFENSICS on off-the-shelf hardware high-speed tests can be conducted with only a fraction of the costs compared to tailored test appliances running on proprietary hardware. In addition, the model-based approach enables testers to also test extensions and usability with user-controlled test sequences and third-party plug-ins.

Contact Codenomicon for the latest optimal hardware configuration. For access to the full whitepaper, and more information on high-speed fuzzing, please visit: http://www.codenomicon.com/performance/

Contact Dell for more information on Dell PowerEdge servers. For more information on the R910 server, please visit: http://www.dell.com

For more information:

* Ari Takanen, CTO, Codenomicon * Tel: +358-40-5067678 (EMEA and APAC) * Tel: (408) 252-4000 (USA/Canada) * Email: info@codenomicon.com

*About Codenomicon Ltd* Codenomicon develops security and quality testing software, which allows users to quickly find and identify both known and previously unknown flaws before business-critical products or services are deployed. Their unique, targeted approach to the fuzz testing of networked and mobile applications exposes more flaws and weaknesses than any other testing platform or methodology. Companies rely on Codenomicon's solutions to mitigate threats, like Denial of Service (DoS) situations and Zero Day Attacks, which could increase liability, damage business reputation and cripple sales. Codenomicon is a member of the SDL Pro Network. For more information, visit www.codenomicon.com .

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7407
Published: 2014-10-22
Cross-site request forgery (CSRF) vulnerability in the MRBS module for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

CVE-2014-3675
Published: 2014-10-22
Shim allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted DHCPv6 packet.

CVE-2014-3676
Published: 2014-10-22
Heap-based buffer overflow in Shim allows remote attackers to execute arbitrary code via a crafted IPv6 address, related to the "tftp:// DHCPv6 boot option."

CVE-2014-3677
Published: 2014-10-22
Unspecified vulnerability in Shim might allow attackers to execute arbitrary code via a crafted MOK list, which triggers memory corruption.

CVE-2014-4448
Published: 2014-10-22
House Arrest in Apple iOS before 8.1 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information from a Documents directory by obtaining this UID.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.