Endpoint
10/6/2010
03:15 PM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%

Codenomicon Tools For High Speed Fuzzing

Vendor releases whitepaper reporting the findings of its performance test study

*OULU, FINLAND and CUPERTINO, CA, USA - October 6th, 2010 - *Codenomicon, a leading vendor of application security testing solutions, released a whitepaper today reporting the findings of its performance test study. The study, conducted to evaluate the suitability of the model-based fuzzing tools for high-speed software operability testing, revealed that the DEFENSICS(tm) fuzzers not only enable high-speed robustness testing, but also allow for fully scalable performance testing, when run on high-end hardware, such as the Dell(tm) PowerEdge R910 server.

"One of the most important aspects of fuzzing is how fast you can execute test cases", says Dr. Charlie Miller, principal analyst from Independent Security Evaluators. "The faster you can execute test cases, the more test cases you can run and the more vulnerabilities you will find."

According to Codenomicon, in high performance test setups, Codenomicon customers often chose to run their DEFENSICS software on Dell hardware. The tests conducted as a part of this study were also run on Dell hardware. Running DEFENSICS test tools on the Dell PowerEdge R910 platform generated more than 15.000 fuzz tests per second for the HTTP protocol running over TCP, and more than 40.000 tests per second for the DNS protocol running over UDP. The reliability and scalability of the Dell PowerEdge R910 server make it an excellent choice for software testing environments. It is also a cost effective solution for improving test throughput and result delivery.

*Increased performance decreases costs and improves reliability *

Negative software testing techniques like fuzzing use misuse cases to test software operability. Hundreds if not thousands of misuse cases need to be created for every software use case, which easily results in millions of test cases. This makes testing speed and performance crucial. Often test case generation and execution is limited by hardware resource constraints of the testing platform. DEFENSICS is a software-based solution and its performance can be scaled up simply by increasing the hardware resources. With modern state-of-the-art hardware, like the Dell PowerEdge R910 rack servers, the DEFENSICS test tools can generate thousands of sequences per second. The enhanced testing capabilities also allow for more complex anomalies to be used in security tests, which improve both test coverage and confidence in the results.

Codenomicon DEFENSICS supports more than 200 industry standard protocols. The DEFENSICS tools are designed for robustness testing, but the released study shows that they are also highly suitable for performance and load testing: by running DEFENSICS on off-the-shelf hardware high-speed tests can be conducted with only a fraction of the costs compared to tailored test appliances running on proprietary hardware. In addition, the model-based approach enables testers to also test extensions and usability with user-controlled test sequences and third-party plug-ins.

Contact Codenomicon for the latest optimal hardware configuration. For access to the full whitepaper, and more information on high-speed fuzzing, please visit: http://www.codenomicon.com/performance/

Contact Dell for more information on Dell PowerEdge servers. For more information on the R910 server, please visit: http://www.dell.com

For more information:

* Ari Takanen, CTO, Codenomicon * Tel: +358-40-5067678 (EMEA and APAC) * Tel: (408) 252-4000 (USA/Canada) * Email: info@codenomicon.com

*About Codenomicon Ltd* Codenomicon develops security and quality testing software, which allows users to quickly find and identify both known and previously unknown flaws before business-critical products or services are deployed. Their unique, targeted approach to the fuzz testing of networked and mobile applications exposes more flaws and weaknesses than any other testing platform or methodology. Companies rely on Codenomicon's solutions to mitigate threats, like Denial of Service (DoS) situations and Zero Day Attacks, which could increase liability, damage business reputation and cripple sales. Codenomicon is a member of the SDL Pro Network. For more information, visit www.codenomicon.com .

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Must Reads - September 25, 2014
Dark Reading's new Must Reads is a compendium of our best recent coverage of identity and access management. Learn about access control in the age of HTML5, how to improve authentication, why Active Directory is dead, and more.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2003-1598
Published: 2014-10-01
SQL injection vulnerability in log.header.php in WordPress 0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the posts variable.

CVE-2011-4624
Published: 2014-10-01
Cross-site scripting (XSS) vulnerability in facebook.php in the GRAND FlAGallery plugin (flash-album-gallery) before 1.57 for WordPress allows remote attackers to inject arbitrary web script or HTML via the i parameter.

CVE-2012-0811
Published: 2014-10-01
Multiple SQL injection vulnerabilities in Postfix Admin (aka postfixadmin) before 2.3.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the pw parameter to the pacrypt function, when mysql_encrypt is configured, or (2) unspecified vectors that are used in backup files gene...

CVE-2012-5485
Published: 2014-09-30
registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via unspecified vectors, related to the admin interface.

CVE-2012-5486
Published: 2014-09-30
ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Chris Hadnagy, who hosts the annual Social Engineering Capture the Flag Contest at DEF CON, will discuss the latest trends attackers are using.