Codenomicon News - RSS Feed http://www.codenomicon.com/news/ en-us Codenomicon 1 press@codenomicon.com (Codenomicon) http://www.codenomicon.com/news/newsletter/archive/2010-09.html Check out the latest Codenomicon Newsletter! Once again, the newsletter is full of news and events. Our CEO, David Chartier, starts the September issue with a few words on unknown vulnerability management. There is also story about the customer event we held in Las Vegas during the Blackhat week. We had excellent speakers from Cisco, Microsoft, Cigital, SafeCode, Rugged Software, and celebrities like Charlie Miller. Check out the videos! We have also recently released whitepapers and webcast recordings, more to come in the near future! And, no newsletter would be complete without news from the CROSS team and our security researchers. Mon, 1 Sep 2010 12:00:00 +0300 http://www.codenomicon.com/news/newsletter/archive/2010-09.html http://www.codenomicon.com/news/news/2010-07-22b.shtml Last May, Codenomicon organized a Crash Test Party for students of computer engineering and computer science. The first bugs found at the Crash Test party have now been fixed and can be publicly disclosed. These bugs involve several flaws in OpenLDAP. The vulnerabilities were found by Ilkka Mattila and Tuomas Salomäki with the Codenomicon LDAPv3 test suite, which is an automated fuzzing tool for finding security flaws in any LDAP implementations. With the help of Codenomicon experts, the students reported the flaws to CERT-FI, who coordinated the release of the vulnerabilities between the vulnerability researchers and the affected vendors. CERT-FI has issued an advisory on the vulnerability. Codenomicon and CERT-FI would like to thank the researchers and the OpenLDAP project for co-operation in the remediation efforts. Thu, 22 Jul 2010 15:00:00 +0300 http://www.codenomicon.com/news/news/2010-07-22b.shtml http://www.codenomicon.com/news/news/2010-07-22.shtml In the July Fuzzing 101 webcast, we explore the process of zero-day vulnerability management from initial threat analysis to automated detection and remediation. We will demonstrate how easy it is to detect attack vectors and to quickly assess the reliability and security of those interfaces using general purpose fuzzing solutions. We will also show you how you can complement these solutions with known vulnerability data and do patch verification easily and cost-effectively. Finally, we will discuss how you can tailor your defenses to block zero day attacks, which is a key aspect of vulnerability management. Thu, 22 Jul 2010 12:00:00 +0300 http://www.codenomicon.com/news/news/2010-07-22.shtml http://www.codenomicon.com/news/newsletter/archive/2010-06.html The June issue of Codenomicon Newsletter summarizes all recent news from Codenomicon, including the launch of new Defensics Test Generator Engine, fuzzing medical devices with HDP profile for Bluetooth, several news from CROSS team, and announcement for next Fuzzing 101 webcast. Thu, 24 Jun 2010 12:00:00 +0300 http://www.codenomicon.com/news/newsletter/archive/2010-06.html http://www.codenomicon.com/news/press-releases/2010-04-27.shtml Codenomicon today released a toolkit for automated penetration testing. These tools revolutionize the penetration testing processes by eliminating unnecessary ad-hoc manual testing. The required expertise is built into the tools making efficient penetration testing available for all. The new solution makes fuzzing an affordable solution for consultants. Tue, 27 Apr 2010 12:00:00 +0300 http://www.codenomicon.com/news/press-releases/2010-04-27.shtml http://www.codenomicon.com/news/press-releases/2010-03-29.shtml Codenomicon today launched a new solution for distributed test lab monitoring and network troubleshooting. The Codenomicon Network Analyzer records test behavior and automatically visualizes network traffic. The Analyzer provides testers with a clear picture of actual network traffic making it easy to discover problematic network areas, to target tests and to monitor the testing efforts in multiple locations. Mon, 29 Mar 2010 16:00:00 +0300 http://www.codenomicon.com/news/press-releases/2010-03-29.shtml http://www.codenomicon.com/news/news/2010-03-24.shtml In this whitepaper we describe how robustness testing techniques can be used to assess the security and robustness of internet browsers. In a case study, we analyze the robustness of five major browsers. In the tests, potential attack scenarios are simulated by sending anomalous inputs to the tested browsers using a robustness testing method called fuzzing. None of the browsers passed the tests. Wed, 24 Mar 2010 15:00:00 +0300 http://www.codenomicon.com/news/news/2010-03-24.shtml http://www.codenomicon.com/careers/ We are now looking for Platform Developer (Oulu or Helsinki, Finland) and Test Tool Developer (Oulu, Finland). Wed, 24 Mar 2010 9:00:00 +0300 http://www.codenomicon.com/careers/#20100324 http://www.codenomicon.com/news/press-releases/2010-03-02.shtml Codenomicon solutions are used to test the security and robustness of 3G/4G/LTE communications. At the upcoming LTE IOT interoperability event, MSF will introduce robustness testing. MSF is the first industry forum to include security testing in its program. The MSF LTE IOT event will take place March 15-26. Wed, 2 Mar 2010 12:00:00 +0300 http://www.codenomicon.com/news/press-releases/2010-03-02.shtml http://www.codenomicon.com/news/press-releases/2010-02-04.shtml Codenomicon, a leading vendor of proactive software security testing solutions, has been selected to participate as a tool vendor in Microsoft's SDL Pro Network. Codenomicon's fuzzing solutions complement the services provided by the SDL Pro Network by helping companies to integrate security and robustness testing into their development process and verify the quality of their software before deployment. Thu, 4 Feb 2010 22:00:00 +0300 http://www.codenomicon.com/news/press-releases/2010-02-04.shtml http://www.codenomicon.com/news/press-releases/2010-02-03.shtml Codenomicon is offering everyone the opportunity to tests its FTP test suite free of charge. The purpose is to give everyone a chance to try out fuzz-testing in their own test environment. The tool is also intended for educational purposes in schools and universities. Wed, 3 Feb 2010 18:52:00 +0300 http://www.codenomicon.com/news/press-releases/2010-02-03.shtml http://www.codenomicon.com/news/newsletter/archive/2010-02.html Topics: Codenomicon Fuzzing Tools and SDL, CROSS Bug, Howard to the White House, Defensics test suite package for penetration testers, Free release of FTP Server test tool, New white papers from Codenomicon Wed, 3 Feb 2010 13:41:00 +0300 http://www.codenomicon.com/news/newsletter/archive/2010-02.html http://www.codenomicon.com/news/news/2010-01-22.shtml Codenomicon CROSS team has found a vulnerability in Linux kernel regarding the handling of IPv6 jumbograms. Fri, 22 Jan 2010 15:01:00 +0300 http://www.codenomicon.com/news/news/2010-01-22.shtml http://www.codenomicon.com/careers/vacancies/summer-trainees.shtml We are currently looking for an enthusiastic summer trainees for challenging R&D positions. Tue, 5 Jan 2010 14:01:00 +0300 http://www.codenomicon.com/careers/vacancies/summer-trainees.shtml http://www.codenomicon.com/news/press-releases/2009-12-23.shtml Codenomicon board member Howard A. Schmidt was appointed the White House Cybersecurity Coordinator yesterday by President Barack Obama. This appointment is the latest move in a series of measures taken by the White House to further cybersecurity, a theme which has taken on new urgency this year in the face of a growing range of cyberattacks and reports of vulnerabilities in business and military computing systems Wed, 23 Dec 2009 21:01:00 +0300 http://www.codenomicon.com/news/press-releases/2009-12-23.shtml http://www.codenomicon.com/news/newsletter/archive/2009-12.shtml Happy Holidays from the Codenomicon Team! We hope you have a Happy New Year and we look forward to working with you in 2010. With the year 2009 coming close to its end, it is time to look back: how did the year go and what were we able to achieve. Tue, 22 Dec 2009 11:05:00 +0300 http://www.codenomicon.com/news/newsletter/archive/2009-12.shtml http://www.codenomicon.com/news/press-releases/2009-11-24.shtml Codenomicon Ltd. is proud to announce that its proactive DEFENSICS test solutions will be recognized with the Frost and Sullivan Award for the Best Security Test Equipment of the Year. Tue, 24 Nov 2009 11:21:00 +0300 http://www.codenomicon.com/news/press-releases/2009-11-24.shtml http://www.codenomicon.com/news/press-releases/2009-11-05.shtml Codenomicon released a general purpose fuzzing tool today for testing all communication interfaces. The new DEFENSICS Traffic Capture Fuzzer loads threat vectors from sources like network analyzers and vulnerability feeds, and automatically generates extensive tests to find zero-day threats in protocol implementations. Thu, 5 Nov 2009 15:32:00 +0300 http://www.codenomicon.com/news/press-releases/2009-11-05.shtml http://www.codenomicon.com/news/news/2009-10-16.shtml Be sure to visit InfoTech 2009 to see Codenomicon Robustness Specialist, Mikko Varpiola speak on Fuzzing for Software Security Testing and Quality Assurance. Fri, 16 Oct 2009 14:55:00 +0300 http://www.codenomicon.com/news/news/2009-10-16.shtml http://www.codenomicon.com/resources/whitepapers.shtml#hh09 The recent fuzzing talk by Ari Takanen, given at Hacker Halted conference in Miami has been added to our resources page Fri, 16 Oct 2009 14:38:00 +0300 http://www.codenomicon.com/resources/whitepapers.shtml#hh09 http://www.codenomicon.com/news/press-releases/2009-09-22.shtml Codenomicon released a new product today for XML security testing. DEFENSICS for XML is the first commercial product which helps software developers and integrators to find zero-day security problems in XML libraries and applications. Tue, 22 Sep 2009 12:00:00 +0300 http://www.codenomicon.com/news/press-releases/2009-09-22.shtml http://www.codenomicon.com/news/news/2009-09-16.shtml Among many other improvements, Defensics 3 introduced two new features to help prioritize security issues found in testing. The new DEFENSICS architecture and test generation engine ensure that these and other new functionalities are automatically integrated into all future protocol fuzzers from Codenomicon. Wed, 16 Sep 2009 18:13:00 +0300 http://www.codenomicon.com/news/news/2009-09-16.shtml http://www.codenomicon.com/news/news/2009-08-11.shtml Earlier this year SAP AG invited Codenomicon to join a Release Test at the global test facilities at world wide Headquarters in Walldorf, Germany. Tue, 11 Aug 2009 16:13:00 +0300 http://www.codenomicon.com/news/news/2009-08-11.shtml http://www.codenomicon.com/news/newsletter/archive/2009-08.shtml Tue, 11 Aug 2009 16:11:00 +0300 http://www.codenomicon.com/news/newsletter/archive/2009-08.shtml http://www.codenomicon.com/news/press-releases/2009-08-05.shtml Codenomicon announced today that it has helped fix multiple critical flaws in popular XML libraries, including implementations from Sun Microsystems, Apache Software Foundation, and Python. Wed, 05 Aug 2009 16:22:00 +0300 http://www.codenomicon.com/news/press-releases/2009-08-05.shtml http://www.codenomicon.com/news/news/2009-07-28.shtml Looking at the security of handling HTTP responses, with Defensics HTTP Client tests, the team found a new set of issues in Squid. Tue, 28 Jul 2009 20:10:00 +0300 http://www.codenomicon.com/news/news/2009-07-28.shtml http://www.codenomicon.com/news/press-releases/2009-07-07.shtml Codenomicon has chosen Emenda as a strategic partner in all largest security markets in Europe. Tue, 07 Jul 2009 17:22:00 +0300 http://www.codenomicon.com/news/press-releases/2009-07-07.shtml http://www.codenomicon.com/news/news/2009-04-23.shtml Thu, 23 Apr 2009 15:10:00 +0300 http://www.codenomicon.com/news/news/2009-04-23.shtml http://www.codenomicon.com/news/press-releases/2009-04-20.shtml Codenomicon today announced its new CSaaS offering which allows the marketplace preemptive testing options without large capital investment. Mon, 20 Apr 2009 10:48:00 +0300 http://www.codenomicon.com/news/press-releases/2009-04-20.shtml http://www.codenomicon.com/careers/vacancies/test-engineer.shtml Test engineer joins our company to test our innovative security and robustness testing tools. Quality assurance professionals are also participating in the testing of customer equipment both off-site and on-site. Sun, 19 Apr 2009 11:48:00 +0300 http://www.codenomicon.com/careers/vacancies/test-engineer.shtml http://www.infosec.co.uk/codenomiconinvitation/ Codenomicon have invited you to visit them on stand L95 at Infosecurity Europe 2009, held on the 28th - 30th April, at Earls Court. Please complete the registration form to receive free admission to the exhibition. Thu, 2 Apr 2009 10:55:00 +0300 http://www.infosec.co.uk/codenomiconinvitation/ http://www.codenomicon.com/news/editorial-coverage.shtml#20090401 Fuzz testing turns the tables on those that would do harm. Learn about this negative testing technique that takes penetration to a whole new level. STP Magazine cover story by Codenomicon CTO Ari Takanen. Wed, 1 Apr 2009 11:52:00 +0300 http://www.codenomicon.com/news/editorial-coverage.shtml#20090401 http://www.codenomicon.com/news/news/2009-03-03.shtml Join our Network Security Testing Seminar to hear how the top security vendors are protecting against malicious attacks, and to see examples of the consequences of these attacks for commonly used network components. Tue, 3 Mar 2009 11:55:00 +0300 http://www.codenomicon.com/news/news/2009-03-03.shtml http://www.codenomicon.com/news/press-releases/2009-02-24.shtml Codenomicon today announced its flagship XML testing product allowing the industry to clearly understand the existing security weaknesses in many open source and commercially deployed products taking advantage of XML technology. Tue, 24 Feb 2009 14:55:00 +0300 http://www.codenomicon.com/news/press-releases/2009-02-24.shtml http://www.codenomicon.com/news/news/2009-02-06.shtml Codenomicon's brave security soldiers have won yet another round in our ongoing battle for making open source software more robust and promoting the effectiveness of Codenomicon testing products in the process. Fri, 6 Feb 2009 12:55:00 +0300 http://www.codenomicon.com/news/news/2009-02-06.shtml http://www.codenomicon.com/news/press-releases/2009-01-19.shtml Codenomicon is proud to announce that it has been chosen as a winner of the prestigious 2008 Red Herring Global 100 list. Mon, 19 Jan 2009 12:55:00 +0300 http://www.codenomicon.com/news/press-releases/2009-01-19.shtml http://www.codenomicon.com/news/news/2009-01-19.shtml Ari Takanen, one of the Codenomicon founders and CTO of Codenomicon has been nominated to the list of top 100 most influential people in ICT sector in Finland. Mon, 19 Jan 2009 11:55:00 +0300 http://www.codenomicon.com/news/news/2009-01-19.shtml http://www.codenomicon.com/weknow/ Ari Takanen, one of the Codenomicon founders and CTO of Codenomicon has been nominated to the list of top 100 most influential people in ICT sector in Finland. Fri, 9 Jan 2009 11:55:00 +0300 http://www.codenomicon.com/weknow/l