Endpoint
10/6/2010
03:15 PM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%

Codenomicon Tools For High Speed Fuzzing

Vendor releases whitepaper reporting the findings of its performance test study

*OULU, FINLAND and CUPERTINO, CA, USA - October 6th, 2010 - *Codenomicon, a leading vendor of application security testing solutions, released a whitepaper today reporting the findings of its performance test study. The study, conducted to evaluate the suitability of the model-based fuzzing tools for high-speed software operability testing, revealed that the DEFENSICS(tm) fuzzers not only enable high-speed robustness testing, but also allow for fully scalable performance testing, when run on high-end hardware, such as the Dell(tm) PowerEdge R910 server.

"One of the most important aspects of fuzzing is how fast you can execute test cases", says Dr. Charlie Miller, principal analyst from Independent Security Evaluators. "The faster you can execute test cases, the more test cases you can run and the more vulnerabilities you will find."

According to Codenomicon, in high performance test setups, Codenomicon customers often chose to run their DEFENSICS software on Dell hardware. The tests conducted as a part of this study were also run on Dell hardware. Running DEFENSICS test tools on the Dell PowerEdge R910 platform generated more than 15.000 fuzz tests per second for the HTTP protocol running over TCP, and more than 40.000 tests per second for the DNS protocol running over UDP. The reliability and scalability of the Dell PowerEdge R910 server make it an excellent choice for software testing environments. It is also a cost effective solution for improving test throughput and result delivery.

*Increased performance decreases costs and improves reliability *

Negative software testing techniques like fuzzing use misuse cases to test software operability. Hundreds if not thousands of misuse cases need to be created for every software use case, which easily results in millions of test cases. This makes testing speed and performance crucial. Often test case generation and execution is limited by hardware resource constraints of the testing platform. DEFENSICS is a software-based solution and its performance can be scaled up simply by increasing the hardware resources. With modern state-of-the-art hardware, like the Dell PowerEdge R910 rack servers, the DEFENSICS test tools can generate thousands of sequences per second. The enhanced testing capabilities also allow for more complex anomalies to be used in security tests, which improve both test coverage and confidence in the results.

Codenomicon DEFENSICS supports more than 200 industry standard protocols. The DEFENSICS tools are designed for robustness testing, but the released study shows that they are also highly suitable for performance and load testing: by running DEFENSICS on off-the-shelf hardware high-speed tests can be conducted with only a fraction of the costs compared to tailored test appliances running on proprietary hardware. In addition, the model-based approach enables testers to also test extensions and usability with user-controlled test sequences and third-party plug-ins.

Contact Codenomicon for the latest optimal hardware configuration. For access to the full whitepaper, and more information on high-speed fuzzing, please visit: http://www.codenomicon.com/performance/

Contact Dell for more information on Dell PowerEdge servers. For more information on the R910 server, please visit: http://www.dell.com

For more information:

* Ari Takanen, CTO, Codenomicon * Tel: +358-40-5067678 (EMEA and APAC) * Tel: (408) 252-4000 (USA/Canada) * Email: info@codenomicon.com

*About Codenomicon Ltd* Codenomicon develops security and quality testing software, which allows users to quickly find and identify both known and previously unknown flaws before business-critical products or services are deployed. Their unique, targeted approach to the fuzz testing of networked and mobile applications exposes more flaws and weaknesses than any other testing platform or methodology. Companies rely on Codenomicon's solutions to mitigate threats, like Denial of Service (DoS) situations and Zero Day Attacks, which could increase liability, damage business reputation and cripple sales. Codenomicon is a member of the SDL Pro Network. For more information, visit www.codenomicon.com .

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-6651
Published: 2014-07-31
Multiple directory traversal vulnerabilities in the Vitamin plugin before 1.1.0 for WordPress allow remote attackers to access arbitrary files via a .. (dot dot) in the path parameter to (1) add_headers.php or (2) minify.php.

CVE-2014-2970
Published: 2014-07-31
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-5139. Reason: This candidate is a duplicate of CVE-2014-5139, and has also been used to refer to an unrelated topic that is currently outside the scope of CVE. This unrelated topic is a LibreSSL code change adding functionality ...

CVE-2014-3488
Published: 2014-07-31
The SslHandler in Netty before 3.9.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted SSLv2Hello message.

CVE-2014-3554
Published: 2014-07-31
Buffer overflow in the ndp_msg_opt_dnssl_domain function in libndp allows remote routers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS Search List (DNSSL) in an IPv6 router advertisement.

CVE-2014-5171
Published: 2014-07-31
SAP HANA Extend Application Services (XS) does not encrypt transmissions for applications that enable form based authentication using SSL, which allows remote attackers to obtain credentials and other sensitive information by sniffing the network.

Best of the Web
Dark Reading Radio