"The Codenomicon tools are amazing. Using them is like being attacked by the most relentless adversary who uses every possible method to find flaws in your code

We fixed subtle crash bugs in Samba that had been in the code for over ten years. We would never have found those bugs without the Codenomicon tools.

If you're serious about implementing protocols correctly, you need the Codenomicon tools."

-- Jeremy Allison,
   Co Creator of Samba


Codenomicon Publications

Books

 

Fuzzing for Software Security Testing and Quality Assurance >>

by Ari Takanen, Jared D. DeMott, Charlie Miller (2008)

 

Securing VoIP Networks: Threats, Vulnerabilities, and Countermeasures >>

by Peter Thermos, Ari Takanen (2007)

 

A Functional Method for Assessing Protocol Implementation Security >>

Kaksonen, Rauli. A Functional Method for Assessing Protocol Implementation Security (Licentiate thesis). 2001. Espoo. Technical Research Centre of Finland, VTT Publications 447. 128 p. + app. 15 p. ISBN 951-38-5873-1 (soft back ed.) ISBN 951-38-5874-X (on-line ed.).

Theses

 

Improving capture based fuzzing by augmenting the structure from dissection with semantics.

Kuorilehto J. (2012), University of Oulu

 

SNMP Instrumentation in Robustness Testing

Jarva O. (2011), Oulu University of Applied Sciences

 

Papers

 

Proactive Cyber Defense: Understanding and Testing for Advanced Persistent Threats (APTs)

Download PDF

Juuso A-M., Takanen A., Kittilä K. (2013)

p. 383, Proceedings of The 12th European Conference on Information Warfare and Security, July 2013

 

Preventing DoS Attacks in NGN Networks with Proactive Specification-Based Fuzzing

Rontti T., Juuso A-M., Takanen A. (2012)

Vol. 50, Issue:9, pp.164-170, Communications Magazine, IEEE, September 2012

 

IMS Threat and Attack Surface Analysis using Common Vulnerability Scoring System

Petäjäsoja S., Kortti H., Takanen A., Tirilä J. (2011)

compsacw, pp.68-73, 2011 IEEE 35th Annual Computer Software and Applications Conference Workshops, 2011

 

Securing Next Generation Networks by Fuzzing Protocol Implementations

Juuso A., Rontti T., Tirilä J. (2011)

 

Fuzzing for Software Security Testing and Quality Assurance

Takanen A. (2009)

EuroSTAR 2009

 

Fuzzing : the Past, the Present and the Future

Takanen A.(2009)

Symposium sur la sécurité des technologies de l'information et des communications (SSTIC) 2009, France.

 

Proactive Security Testing and Fuzzing

Takanen A. (2009)

ISSE 2009 Securing Electronic Business Processes: Highlights of the Information Security Solutions Europe 2009 Conference. Editors: Norbert Pohlmann, Helmut Reimer, Wolfgang Schneider. Vieweg+Teubner Verlag, 2009. ISBN 3834809586.

 

Experiences with model inference assisted fuzzing

Viide J., Helin A., Laakso M., Pietikäinen P., Seppänen M., Halunen K., Puuperä R., Röning J. 2008

In Proceedings of the 2nd Conference on USENIX Workshop on offensive Technologies (San Jose, CA). USENIX Association, Berkeley, CA, 1-6.

 

Vulnerability Dependencies in Antivirus Software

Askola K., Puuperä R., Pietikäinen P., Eronen J., Laakso M., Halunen K., Röning J.

Proceedings of the 2008 Second international Conference on Emerging Security information, Systems and Technologies (August 25 - 31, 2008). SECURWARE. IEEE Computer Society, Washington, DC, 273-278.

 

Case Studies from Fuzzing Bluetooth, WiFi and WiMAX

Petäjäsoja S., Takanen A., Varpiola M., Kortti H. (2007)

pp 188-195 Proc. in Securing Electronic Business Processes Vieweg, Vol.2: ISBN: 978-3-8348- 0346-7 (2007)

 

Security analysis and experiments for Voice over IP RTP media streams

Wieser C., Takanen A., Röning J. (2006)

8th International Symposium on Systems and Information Security (SSI'2006). Sao Jose dos Campos, Sao Paulo, Brazil. November 08-10, 2006

 

A Case for Protocol Dependency

Eronen J., Laakso M. (2005)

In proceedings of the First IEEE International Workshop on Critical Infrastructure Protection. Darmstadt, Germany. November 3-4, 2005.

 

Introducing constructive vulnerability disclosures >>

Laakso M., Takanen A., Röning J. (2001).

 

Software Security Assessment through Specification Mutations and Fault Injection >>

Kaksonen R., Laakso M., Takanen A. (2001).

 

Running Malicious Code By Exploiting Buffer Overflows: A Survey Of Publicly Available Exploits >>

Takanen, A., Laakso, M., Eronen, J. and Röning, J. (2000).

 

The Vulnerability Process: a tiger team approach to resolving vulnerability cases >>

Laakso M., Takanen A., Röning J. (1999).