"The Codenomicon tools are amazing. Using them is like being attacked by the most relentless adversary who uses every possible method to find flaws in your code
We fixed subtle crash bugs in Samba that had been in the code for over ten years. We would never have found those bugs without the Codenomicon tools.
If you're serious about implementing protocols correctly, you need the Codenomicon tools."
-- Jeremy Allison,
Co Creator of Samba
Codenomicon Publications
Books
Fuzzing for Software Security Testing and Quality Assurance >>
by Ari Takanen, Jared D. DeMott, Charlie Miller (2008)
Securing VoIP Networks: Threats, Vulnerabilities, and Countermeasures >>
by Peter Thermos, Ari Takanen (2007)
A Functional Method for Assessing Protocol Implementation Security >>
Kaksonen, Rauli. A Functional Method for Assessing Protocol Implementation Security (Licentiate thesis). 2001. Espoo. Technical Research Centre of Finland, VTT Publications 447. 128 p. + app. 15 p. ISBN 951-38-5873-1 (soft back ed.) ISBN 951-38-5874-X (on-line ed.).
Theses
Improving capture based fuzzing by augmenting the structure from dissection with semantics.
Kuorilehto J. (2012), University of Oulu
SNMP Instrumentation in Robustness Testing
Jarva O. (2011), Oulu University of Applied Sciences
Papers
Preventing DoS Attacks in NGN Networks with Proactive Specification-Based Fuzzing
Rontti T., Juuso A-M., Takanen A. (2012)
Vol. 50, Issue:9, pp.164-170, Communications Magazine, IEEE, September 2012
IMS Threat and Attack Surface Analysis using Common Vulnerability Scoring System
Petäjäsoja S., Kortti H., Takanen A., Tirilä J. (2011)
compsacw, pp.68-73, 2011 IEEE 35th Annual Computer Software and Applications Conference Workshops, 2011
Securing Next Generation Networks by Fuzzing Protocol Implementations
Juuso A., Rontti T., Tirilä J. (2011)
Introducing constructive vulnerability disclosures >>
Laakso M., Takanen A., Röning J. (2001).
Software Security Assessment through Specification Mutations and Fault Injection >>
Kaksonen R., Laakso M., Takanen A. (2001).
Running Malicious Code By Exploiting Buffer Overflows: A Survey Of Publicly Available Exploits >>
Takanen, A., Laakso, M., Eronen, J. and Röning, J. (2000).
The Vulnerability Process: a tiger team approach to resolving vulnerability cases >>
Laakso M., Takanen A., Röning J. (1999).
