
Codenomicon named to Magic Quadrant for Dynamic Application Security Testing

Fuzzing tools covered for the first time by Gartner Analysts

OULU, FINLAND and SARATOGA, CA, USA - February 20th, 2012 - Codenomicon, the leading vendor of proactive security testing solutions, is pleased to announce that Gartner Inc. has named Codenomicon's software security stress-testing solutions to the Magic Quadrant for Dynamic Application Security Testing (DAST).

"It is good to see analyst recognition for our 15 years of work in the area of catching critical zero-day vulnerabilities through fuzzing protocols, file formats, and programming interfaces," says David Chartier, CEO of Codenomicon. "Since the release of the report, Codenomicon introduced its latest innovation in cloud-based security testing service for application fuzzing." The cloud-based application testing-as-a-service (TaaS) solution, Fuzz-o-Matic, brings the benefits of Codenomicon's experience in zero-day vulnerability discovery to users who do not have security testing staff or who have a limited budget for security auditing. Furthermore, Fuzz-o-Matic provides third-party testing for users such as enterprise procurement, investors, and M&A professionals.

Other new tools for application testing are Defensics Web Application Test Suite and Codenomicon WebSocket Server Test Suite. Web Application Test Suite complements Codenomicon's Defensics HTTP Server Suite: HTTP Server Suite tests the HTTP server, and Web Application Test Suite ensures the robustness of the web application running behind the HTTP server. The WebSocket Protocol is a new technology that will improve and simplify real-time two-way communication between browsers and web servers. The Defensics WebSocket Protocol Test Suite can be used to test a WebSocket server for both its protocol implementation and the payload that goes over WebSocket.

Dynamic testing runs a software application while it performs the security-testing analyses. According to Gartner, DAST tools "should be considered mandatory to test all Web-enabled enterprise applications as well as packaged and cloud-based applications". Application fuzzing uses unexpected inputs to stress-test software far beyond normal operating conditions. Most software testing simulates normal operating conditions to determine if software does what it is designed to do. Black-hat hackers use application fuzzing to find exploitable security bugs in unused or rarely used software functionality. Microsoft Software Development Lifecycle (SDLC), Cisco SDLC, and Building Security in Maturity Model (BSIMM) recognize the key role of fuzzing in the creation of secure and rugged software.

About Codenomicon Ltd

Codenomicon was spun out of Finland's Oulu University in 2001 to provide software security testing solutions to developers and security analysts. Its customers include Alcatel-Lucent, AT&T, Cisco Systems, Microsoft, Motorola, Google, Verizon, NSN, Huawei, and T-Systems among many others. Companies rely on Codenomicon's solutions to mitigate threats like Denial of Service (DoS) situations and data leakage, which could increase liability, damage business reputation, and cripple sales. Codenomicon is a member of the SDL Pro Network. For more information, go to www.codenomicon.com.