Context Information Security has been presenting its latest Windows security assessment tool at Black Hat Europe this week in Amsterdam. CANAPE extends the functionality of existing web application testing tools such as CAT, Burp or Fiddler in order to analyse complex network protocols.
“Testing and exploiting binary network protocols can be both complex and time consuming,” says Michael Jordon, research and development manager at Context. “In most cases, custom software needs to be developed to proxy, parse and manipulate the traffic; but CANAPE provides a simple user interface that facilitates the capture and replaying of binary network traffic, whilst delivering a powerful framework to develop parsers and fuzzers.”
Context has been showcasing CANAPE in the famous Black Hat Arsenal event that allows independent researchers and the open source community to demonstrate their latest tools. Michael Jordon and James Forshaw, senior security consultant at Context, are also presenting CANAPE to the Black Hat conference audience today, on Friday 16 March. The presentation will include a worked example of using CANAPE to analyse the Citrix ICA binary protocol, allowing the discovery of a known heap corruption bug that can be used to gain remote code execution on Citrix clients.
Context (contextis.com) was launched in 1998 and has a client base that includes some of the world’s most high profile blue chip companies, alongside government organisations. An exceptional level of technical expertise underpins all Context services, while a detailed and comprehensive approach helps clients to attain a deeper understanding of security vulnerabilities, threats or incidents. The company’s strong track record is based above all, on the technical skills, professionalism, independence and integrity of its consultants.
Many of the world's most successful organisations turn to Context for technical assurance, incident response and investigation services. Context is also at the forefront of research and development in security technology. As well as publishing white papers and blogs addressing current and emerging security threats and trends, Context consultants are frequently invited to present at open and closed industry events around the world. Context delivers a comprehensive portfolio of advanced technical services t and with offices in the UK, Germany and Australia, is ideally placed to work with clients worldwide.
Issued by: Context Information Security
For more information for editors, please contact:
Peter Rennison, PRPR, T: + 44 (0)1442 245030 - E: pr[.]prpr.co.uk.