10/6/2010
03:15 PM
Dark Reading
Products and Releases

Codenomicon Tools For High Speed Fuzzing

Vendor releases whitepaper reporting the findings of its performance test study

*OULU, FINLAND and CUPERTINO, CA, USA - October 6th, 2010 -* Codenomicon, a leading vendor of application security testing solutions, released a whitepaper today reporting the findings of its performance test study. The study, conducted to evaluate the suitability of the model-based fuzzing tools for high-speed software operability testing, revealed that the DEFENSICS(tm) fuzzers not only enable high-speed robustness testing, but also allow for fully scalable performance testing when run on high-end hardware, such as the Dell(tm) PowerEdge R910 server.

"One of the most important aspects of fuzzing is how fast you can execute test cases," says Dr. Charlie Miller, principal analyst from Independent Security Evaluators. "The faster you can execute test cases, the more test cases you can run and the more vulnerabilities you will find."

According to Codenomicon, in high performance test setups, Codenomicon customers often chose to run their DEFENSICS software on Dell hardware. The tests conducted as a part of this study were also run on Dell hardware. Running DEFENSICS test tools on the Dell PowerEdge R910 platform generated more than 15.000 fuzz tests per second for the HTTP protocol running over TCP, and more than 40.000 tests per second for the DNS protocol running over UDP. The reliability and scalability of the Dell PowerEdge R910 server make it an excellent choice for software testing environments. It is also a cost effective solution for improving test throughput and result delivery.

*Increased performance decreases costs and improves reliability*

Negative software testing techniques like fuzzing use misuse cases to test software operability. Hundreds if not thousands of misuse cases need to be created for every software use case, which easily results in millions of test cases. This makes testing speed and performance crucial. Often, test case generation and execution are limited by the hardware resource constraints of the testing platform. DEFENSICS is a software-based solution, and its performance can be scaled up simply by increasing the hardware resources. With modern state-of-the-art hardware, like the Dell PowerEdge R910 rack servers, the DEFENSICS test tools can generate thousands of sequences per second. The enhanced testing capabilities also allow for more complex anomalies to be used in security tests, which improves both test coverage and confidence in the results.

Codenomicon DEFENSICS supports more than 200 industry standard protocols. The DEFENSICS tools are designed for robustness testing, but the released study shows that they are also highly suitable for performance and load testing: by running DEFENSICS on off-the-shelf hardware, high-speed tests can be conducted at only a fraction of the cost of tailored test appliances running on proprietary hardware. In addition, the model-based approach enables testers to also test extensions and usability with user-controlled test sequences and third-party plug-ins.

Contact Codenomicon for the latest optimal hardware configuration. For access to the full whitepaper, and more information on high-speed fuzzing, please visit: http://www.codenomicon.com/performance/

Contact Dell for more information on Dell PowerEdge servers. For more information on the R910 server, please visit: http://www.dell.com

For more information:

* Ari Takanen, CTO, Codenomicon
* Tel: +358-40-5067678 (EMEA and APAC)
* Tel: (408) 252-4000 (USA/Canada)
* Email: info@codenomicon.com

*About Codenomicon Ltd*

Codenomicon develops security and quality testing software, which allows users to quickly find and identify both known and previously unknown flaws before business-critical products or services are deployed. Their unique, targeted approach to the fuzz testing of networked and mobile applications exposes more flaws and weaknesses than any other testing platform or methodology. Companies rely on Codenomicon's solutions to mitigate threats, like Denial of Service (DoS) situations and Zero Day Attacks, which could increase liability, damage business reputation and cripple sales. Codenomicon is a member of the SDL Pro Network. For more information, visit www.codenomicon.com.
