"The Codenomicon tools are amazing. Using them is like being attacked by the most relentless adversary who uses every possible method to find flaws in your code

We fixed subtle crash bugs in Samba that had been in the code for over ten years. We would never have found those bugs without the Codenomicon tools.

If you're serious about implementing protocols correctly, you need the Codenomicon tools."

-- Jeremy Allison,
   Co-Creator of Samba


Codenomicon Defensics

Proactive security and robustness testing


Codenomicon Defensics continues to lead the space in unknown vulnerability management. The Defensics test platform provides the highest quality preemptive security testing for network equipment manufacturers, operators, consumer electronics companies, enterprises and governmental organizations. Companies rely on Codenomicon's Defensics solutions to mitigate threats to their business reputation and sales.

Based on the security test automation technique called fuzzing, Defensics systematically sends invalid or unexpected inputs to the system under test, exposing software defects and vulnerabilities more effectively than any other solution in the market.

With Codenomicon Defensics you can proactively discover exploitable zero-day (0-day) vulnerabilities. With the rise of state-sponsored hacking and unprecedented levels of hacktivism, it has become ever more important to manage your threat exposure using advanced technologies, like those we offer here at Codenomicon.

Defensics Feature Highlights

  • Extensive Protocol Coverage

    Defensics generational (model-based) fuzz testing modules are available for over 200 standard network protocols. These tests can be further enhanced with the Defensics Universal and Traffic Capture fuzzing modules, with which you can fuzz any network protocol, service interface or application file format.

  • Fully model-based fuzzers

    Defensics test suites are based on deep protocol models. Test cases are created automatically; no manual test case creation is needed! Model-based fuzzers emulate a protocol or file format interface, allowing them to understand the inner workings of the tested interface. For this reason, tests are able to penetrate much deeper within the system under test, reaching all the way into the state machine and even output generation routines.

  • Intuitive and extensible

    The easy-to-use test solution gets you up to speed quickly. A clear and logical user interface guides you through every step of the testing process. A command-line interface that supports third-party tools and scripts is also available.

  • Fast, automated test runs

    The faster you can execute tests, the more tests you can run and the more vulnerabilities you will find. Defensics can generate and run thousands of test cases per second!

  • Accurate, actionable reports

    Defensics provides accurate reports that are easy to interpret and act upon. The reports have direct links to test cases identifying specific problems, which helps share detailed test results within your organization. Identified flaws are absolutely repeatable and traceable. The immediate failure reproduction facilitates prompt reaction and fix verification.

  • Statistics from Defensics Vulnerability Network

    The Defensics Vulnerability Network helps you compare your product's security testing stats to others. It offers visibility into the test data from the whole Defensics user community.

  • SafeGuard Feature

    Used in the initial Heartbleed discovery, the SafeGuard feature automatically analyses and interprets system responses to Defensics test cases, revealing subtle yet critical information leakage errors.

Usage scenarios

Defensics testing solutions are used by leading software manufacturers, operators, service providers and government labs to secure critical networks and to provide robust and reliable products and services.

Unknown vulnerability management

Since access to a system or device is enabled by a vulnerability in the code, the number one security priority should be finding and fixing vulnerabilities in both in-house and third-party developed code. Vulnerability management is often understood as scanning for known vulnerabilities, but finding the unknown vulnerabilities is equally important.

Fuzzing

Fuzzing or fuzz testing is a negative software testing method that feeds a program, device or system with malformed and unexpected input data in order to find defects. Software testers, developers and auditors can quickly and cost-effectively find defects that can be triggered by malformed inputs via external interfaces.
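
The following added example is not Codenomicon code and does not reflect how Defensics or SafeGuard are implemented. It applies model-based fuzzing to a constructed three-field echo protocol; the handler, its deliberate flaw and all names are assumptions made for the illustration. The flaw never raises an error, so only the check on the responses finds it.

```python
import struct

SECRET = b"session-key=CONSTRUCTED"  # constructed; stands in for adjacent memory

def handle(msg: bytes) -> bytes:
    """Constructed system under test: echoes the payload, trusting the declared length."""
    mtype, declared = struct.unpack(">BH", msg[:3])
    if mtype != 1:
        return b"\x00"                      # error reply for unknown message types
    memory = msg[3:] + SECRET               # payload sits next to unrelated data
    return b"\x02" + memory[:declared]      # flaw: declared length is never validated

def build(mtype: int, declared: int, payload: bytes) -> bytes:
    """Protocol model: type (1 byte), length (2 bytes, big-endian), payload."""
    return struct.pack(">BH", mtype, declared) + payload

def generate_cases(payload: bytes = b"ping"):
    """Model-based generation: start from a valid message, break one field at a time."""
    n = len(payload)
    yield "valid", 1, n, payload
    for t in (0, 2, 255):
        yield f"type={t}", t, n, payload
    for d in (0, n - 1, n + 1, 0xFFFF):
        yield f"length={d}", 1, d, payload
    yield "empty-payload", 1, n, b""
    yield "long-payload", 1, n, payload * 1000

def run_fuzz():
    """Return [(case name, verdict)] for every case that is not a clean pass."""
    findings = []
    for name, mtype, declared, payload in generate_cases():
        try:
            reply = handle(build(mtype, declared, payload))
        except Exception as exc:            # crash oracle
            findings.append((name, f"crash: {type(exc).__name__}"))
            continue
        # Response oracle: an echo reply must never carry more bytes than were sent.
        if reply[:1] == b"\x02" and len(reply) - 1 > len(payload):
            findings.append((name, "leak"))
    return findings

if __name__ == "__main__":
    for name, verdict in run_fuzz():
        print(name, verdict)
```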
