Codenomicon, a leading vendor of proactive software security testing solutions, has been selected to participate as a tool vendor in Microsoft's SDL Pro Network. The network guides and supports development teams as they integrate Microsoft's Security Development Lifecycle (SDL) into their operations. Codenomicon's fuzzing solutions complement the services provided by the SDL Pro Network by helping companies to integrate security and robustness testing into their development process and verify the quality of their software before deployment.
Fuzzing is a natural part of the SDL: the entire fuzzing methodology promotes building security into systems, instead of protecting vulnerable systems. The idea behind fuzzing is simple: unexpected data is fed to the inputs of a system and the behavior of the system is then monitored. If the system crashes, then there is a bug in the software, which could have been exploited by attackers. Codenomicon's intelligent tests are based on protocol models, so they cover the entire protocol implementation and achieve unparalleled efficiency in finding both known and unknown vulnerabilities.
"Microsoft's SDL is the industry-leading proactive software security assurance process. By emphasizing the importance of building security into software products in every phase of the software development lifecycle, Microsoft's SDL has succeeded in making security an integral part of software development," said David Chartier, CEO of Codenomicon. "Codenomicon is proud to have been selected among the leading security vendors of the SDL Pro Network," he continues.
Fuzzing should be used at every step of the software development lifecycle, from the first unit tests performed by developers to the last acceptance tests made before the product is released. The earlier vulnerabilities are discovered, the easier and cheaper it is to fix them, so security testing is most effective when it is integrated into the development process. Codenomicon provides off-the-shelf tools for all standard or proprietary protocols, making it easy for companies to integrate fuzzing into their SDL, especially as the company's intelligent fuzzers significantly reduce test execution times.
Codenomicon Defensics is the market-leading proactive fuzzing tool. The state-of-the-art protocol modeling and test generation technique ensures market-leading test coverage and test efficiency. It provides better test results by finding more security issues, and in less time. Protocol sequence and test case editing enables you to customize and add test cases and scenarios. General-purpose tools such as Traffic Capture Fuzzer and Defensics for XML enable users to test any type of proprietary protocol and SOAP/XML applications. Defensics products are easy to integrate into existing tool libraries provided by Microsoft and third parties. Moreover, the comprehensive reporting capabilities and flexible licensing models enable reporting and reproduction capabilities across the entire software development organization.
To read more about integrating fuzzing into the SDL, download the Codenomicon SDL whitepaper from codenomicon.com/sdl-fuzzing/
About SDL Pro Network
The SDL Pro Network is a group of security consultants, training companies, and tool providers that specialize in application security and have substantial experience and expertise with the methodology and technologies of the SDL.
For more information on the SDL Pro Network, visit microsoft.com/security/sdl/getstarted/pronetwork.aspx
About Codenomicon Ltd
Codenomicon (codenomicon.com) develops test automation software that can be used to quickly identify security flaws in communication products and services. Its unique, model-based fuzzing technique exposes more weaknesses than any other fuzzing platform. Codenomicon is a spin-off of the widely acclaimed PROTOS project, and has 10+ years of experience in proactive security testing. Thousands of software developers, testers and security auditors in different industries around the world rely on Codenomicon Defensics to mitigate threats. For companies interested in integrating fuzzing into the SDL, Codenomicon provides off-the-shelf tools for all standard or proprietary protocols. Codenomicon also offers an extensive range of services related to product security. Full auditing services are available for all types of communication software.