"The Codenomicon tools are amazing. Using them is like being attacked by the most relentless adversary who uses every possible method to find flaws in your code.
We fixed subtle crash bugs in Samba that had been in the code for over ten years. We would never have found those bugs without the Codenomicon tools.
If you're serious about implementing protocols correctly, you need the Codenomicon tools."
-- Jeremy Allison,
Co-Creator of Samba
DEFENSICS Features and Benefits
Codenomicon DEFENSICS™ test platform provides preemptive security and robustness for Internet, wireless and digital media systems.
DEFENSICS is the most effective black-box, negative test solution for developers, service providers and enterprises to mitigate security exposure and system failure risks in their applications, devices and services.
The Codenomicon DEFENSICS security and robustness test platform remains unmatched in its ability to find quality, resiliency and security exposures quickly within the broadest array of applications. Codenomicon has been recognized by the industry for its innovations in systematic black-box negative testing capabilities – proven through a unique, systematic, repeatable and rigorous test methodology.
Ensure the security and robustness of your implementation quickly, easily and with confidence. DEFENSICS uniquely covers over 200 interfaces and formats – enabling testing of systems from link-level communications all the way up to the application protocol. Beyond supporting most IP-based protocols, the coverage extends to wireless and digital media such as MPEG video. This extensive suite coverage provides users with intelligent negative testing and maintained RFC coverage – identifying known and new vulnerabilities and hidden flaws in your current systems today, and as your protocol implementation requirements evolve.
Instantly expand your quality and security test scope without the manual creation cost. Each DEFENSICS test tool contains thousands of pre-defined, fully configurable test cases at your fingertips. Leveraging over ten years of security research, the test cases are optimized to efficiently discover irregular responses, slower system reactions, terminated processes or system crashes. Knowing only the test target’s protocol interfaces, DEFENSICS users can readily start testing and see immediate results.
Thoroughly test protocol implementations to mitigate unknown and published vulnerabilities. Beyond simple robustness test tools that mutate around known vulnerabilities, trivial message sequences or random anomalization, Codenomicon provides full model-based testing with the deepest possible coverage for each tested protocol. Codenomicon’s patent-pending Attack Simulation Engine (ASE) dynamically creates attack simulations to intelligently test a more extensive input space – at specific field, structural and message sequence levels most susceptible to fault, failure and security exposure. The net result is the identification of zero-day threats and new exposures in even the most hardened and complex protocol implementations.
Detailed, online documentation expedites problem resolution. DEFENSICS comes with detailed documentation for each test case to help you remediate flaws discovered from the systems under test. All test reports have direct links to test cases identifying a particular problem. Testers escalate issues to the respective vendor or development team with the exact test scenario and input that generated the bug – streamlining problem location within the application function and subsequent resolution.
Identified flaws are absolutely repeatable and traceable. DEFENSICS users, from quality assurance and security analysts to engineering, can remotely access the same system and reproduce any identified flaws. Users have fully integrated documentation, the exact test case construct and input context to determine the root cause of the defect. This negates problems where bug reproduction needs identical test environments, which can be an issue for externalized test applets. The ability to readily reproduce bugs facilitates prompt reaction and fix verification.
An easy-to-use test solution with easy-to-interpret results. Users get up to speed and become effective with DEFENSICS quickly, with access to fully indexed, well-described test cases and configuration options, all within an intuitive interface. Users can observe tests in action or review detailed test results linked to test case documentation. The platform has a complete command-line interface and supports third-party tools and scripts. The system can interface with external instrumentation and monitors within defined test condition triggers. All test results are presented in a standard format that can be conveniently incorporated within existing reporting processes and systems. The DEFENSICS platform yields accelerated time-to-value.
One test solution that supports mobile use, multi-location use and immediate access. The DEFENSICS test platform operates on popular operating systems and nominal hardware – even on a laptop. Our software-only solution gives engineering and security professionals the flexibility to immediately test any system or device in the field and in the lab. The software supports remote users, multiple sites, multiple protocols, external audits and third-party license management systems. By making the system accessible to different teams and users, organizations can increase usage and optimize resources while reducing expert staff utilization as well as extra travel and preparation costs.
Don’t let tools dictate your processes. The DEFENSICS test platform is designed to integrate into your software development and system deployment test processes. The software-based test solution can be fully controlled within third-party test harnesses and supports a robust command interface. The standard reports and pinpoint regression test capabilities allow for dependable test baselines, trending and continuous security and quality improvement. DEFENSICS delivers a cost-effective and efficient means for product acceptance and secure development lifecycle management.
It is not only Internet-based protocols that are vulnerable. While the testing of IP-based protocols remains crucial, it is only one potential attack surface in increasingly open systems. Implementation errors in the handling of wireless inputs or digital media can be equally harmful for target systems. Codenomicon DEFENSICS is the only security and robustness solution that methodically covers the testing of three critical attack vectors: network, wireless and digital media. This includes support for VoIP, Bluetooth, 3G, email and digital content such as JPEG images, MP3 audio and MPEG4 video.