"The Codenomicon tools are amazing. Using them is like being attacked by the most relentless adversary who uses every possible method to find flaws in your code

We fixed subtle crash bugs in Samba that had been in the code for over ten years. We would never have found those bugs without the Codenomicon tools.

If you're serious about implementing protocols correctly, you need the Codenomicon tools."

-- Jeremy Allison,
   Co Creator of Samba


Webcasts and Podcasts

Codenomicon Webinar:
Understanding Application Security

Featuring Tyler Shields of
Forrester Research, Inc.

Tuesday, March 11, 2014

  • Finland 17:00
  • Germany 16:00
  • United Kingdom 15:00
  • United States, East Coast 11:00
  • United States, West Coast 08:00

This webinar takes approx. 1 hour including a demo and a Q&A session.

It's what you don't know that makes you vulnerable

The application security landscape has gotten very complex. Today, there are new methods of assessment that firms must consider to mitigate their application security risks, especially when balancing the additional complications presented by third party libraries and reuse of code that can result in new security issues.

In this webinar, Codenomicon's guest speaker Tyler Shields, Senior Analyst at Forrester Research, will lay out the benefits of application security assessments and how they can help to reduce overall risk. He will also discuss how to fix root causes instead of just trying to block, defend, and respond to these issues.

After Tyler's talk, Codenomicon's Antti Häyrynen discusses managing the third-party component risk in application security. Antti also demonstrates AppCheck, Codenomicon's solution to manage application security risks.


TestDroid

How to Test Security and Vulnerability of Your Android and iOS Apps

Wednesday, 4 December, 2013

Abstract

In this collaborative webinar Codenomicon specialist Antti Häyrynen and TestDroid experts discuss securing Android and iOS applications.

The majority of today's mobile apps consist of third-party code and libraries. This is a prudent and well-accepted development practice that offloads the task of developing code for non-core functions of your mobile app or game. Identifying third-party code, its vulnerabilities and its license restrictions is critical to understanding your security exposure and your liability.

Join Testdroid Technical Product Manager and Codenomicon Security Specialist for this one-hour session to learn and experience the best practices for a modern and instant way of testing your mobile apps in the context of security and vulnerability threats, what it means to you, your app users and the whole mobile ecosystem. Learn to better understand ICS systems from a cybersecurity perspective and discover new techniques for improving the robustness and security of industrial control systems.


> Sign up now!

Codenomicon

ICS Cybersecurity Webinar: Understand ICS Security Challenges

Thursday, 19 September, 2013

Abstract

In this Fuzzing 101 webcast, ICS Cybersecurity experts Billy Rios from Cylance and Mike Ahmadi from Codenomicon discuss ICS cybersecurity challenges: “How do ICS systems differ from other IT systems and how should you protect them?”

Learn to better understand ICS systems from a cybersecurity perspective and discover new techniques for improving the robustness and security of industrial control systems.


> Download/ View


Codenomicon

Ovum Webinar: The Cost of Zero-Day Attacks in the Financial Sector

Wednesday, 12 June, 2013

Abstract

Maintaining security that meets the risk and compliance requirements of the enterprise is a constant challenge. Systems and networks are becoming more open and accessible. At the same time threats have become more advanced, persistent, and complex.

In this webinar, Ovum's Principal Analyst Andrew Kellett discusses the implications of this more complex threat environment to financial institutions. You will learn what the key pain points are in this area, how the institutions see them as challenges, and some solutions. In the second part of this webinar, Codenomicon Security Analyst Eeva Starck discusses briefly the solutions to the challenges.

View online and download the presentation slides: The Cost of Zero-Day Attacks in the Financial Sector


Codenomicon

Codenomicon Webinar: Proactive Cybersecurity - Stay Ahead of Attacks

Wednesday, 29 May, 2013

Abstract

Cyber attacks are a real threat. Governments should be prepared for cyber attacks, just as they have plans and resources in place for natural disasters. In this webinar, Mr. Sami Petäjäsoja, Codenomicon's Regional Director for the APAC region, will look into government cybersecurity best practices. We will also discuss strategies and techniques for preparing against cyber attacks.

View online: Proactive Cybersecurity - Stay Ahead of Attacks


Codenomicon

Fuzzing 101 Webinar: Fuzzing Connected Devices - Same Problems, Different Devices

Date: November 19, 2012

Connected devices are everywhere, and they are vulnerable. We at Codenomicon have been testing network-attached storage units, printers, smart TVs and wireless routers lately. We now discuss the results in our Fuzzing 101 webcast Connected Devices - Same Problems, Different Devices.

In this webinar, our Security Specialist Rikke Kuipers discusses how unknown vulnerabilities are found in connected devices and what their implications are.

> More information and Download / View

 


Codenomicon

Webinar on Testing Bluetooth and WiFi Systems

October 23, 2012 at 10:00 a.m.

> Register

Codenomicon and ARS Software invite you to a webinar on "Testing Bluetooth and WiFi Systems". Among other things, the webinar shows how easy it is to crash a modern automotive head unit with Codenomicon's Defensics tools.


Codenomicon

Results Overview of Commissioned Study Conducted by Forrester Consulting, "Total Economic Impact Of Codenomicon’s Defensics Security Testing Suite"

Date: October 10, 2012 10am Pacific Daylight Time (PDT) / 1pm Eastern Daylight Time (EDT)

Click Here for More information and Registration

Codenomicon commissioned Forrester to perform a study of the Total Economic Impact Of Codenomicon’s Defensics Security Testing Suite for a Defensics customer who is a large network equipment vendor. This study evaluated cash flows and financial metrics to quantify the Total Economic Impact. Chenxi Wang, VP & Principal Analyst at Forrester, will present an overview of the study's findings.


Codenomicon

Fuzz testing and agile software development

Date: October 10, 2012

Testing techniques used in Agile testing cannot effectively find unknown security flaws or software vulnerabilities. Negative robustness testing, or fuzzing, is not covered by use cases, and therefore is not implemented into the agile process. Security testing and fuzzing are often used only at the end of the agile project to find defects. We will highlight how fuzz testing can be integrated into earlier phases of the agile QA process.

In this webcast, we will highlight automated security testing techniques based on fuzzing, and provide examples of how those can be integrated into the agile development process. We will discuss how agile fuzzing can improve quality, and how early elimination of security flaws can keep down the post-release costs.

The Fuzz testing and Agile software development webcast is offered to you in cooperation with the TEST Magazine.



> More information and Registration

 


Situation Awareness Webinar: Stay Ahead of the Advanced Threat with Actionable Abuse Information

Date: September 20, 2012

State of the Art in Internet Abuse Situation Awareness

Internet situation awareness is essential for defending your systems against advanced threats. Common signature-based security solutions protect against known threats, but they are ineffective against advanced attacks exploiting zero-day vulnerabilities. The best defense against these attacks is rapid detection enabled by comprehensive, accurate and timely abuse information.

All organizations connected to the Internet can be targeted by cyber attacks. Take this opportunity to register for the Next Generation Internet Situation Awareness Solutions webinar to find out how you can scale your in-house security expertise and speed up attack detection through automated information collection and collaboration.

This webinar presents a botnet-inspired system for automatically generating actionable Internet abuse information. Botnets are traditionally associated with malicious activities, but their data handling capabilities can also be used to automatically collect, process and report abuse information.

> More information and Download / View

 


Fuzzing 101 Webinar: Smart TVs - Crashing Home Entertainment

Date: July 2, 2012

Home entertainment has expanded beyond the traditional television. Modern TV sets are very similar to a desktop computer: they have a processor, memory, a hard disk and some sort of an operating system running. They are now constantly connected to the Internet and offer a wide range of online services such as videos, music, online shopping and various web services. All these connections use communication protocols, which need to be tested and proofed in order for them to be secure.

In this webinar, we will discuss how unknown vulnerabilities are found in Smart TVs and what their implications are. All of the tested smart TVs crashed with a number of protocols.

> More information and Download / View

 


Codenomicon

Fuzzing 101 Webinar: Fuzzing Tactics - The Right Fuzzing Technique for All Use Cases

Date: May 29, 2012

Template or model-based fuzzing? Open source or commercial fuzzer? Do it yourself, or buy a service? Is not-to-fuzz an option? When planning proactive testing, there is an abundance of solutions to choose from. So how do you know which one to pick?

In this webcast we will introduce different fuzzing options, with their upsides and downsides. We will shed some light on how different fuzzers suit different situations, and try to help you choose the perfect fuzzing solution for your needs.

> More information and Download / View

 


APT: How Sophisticated Hackers Target Zero-Day Vulnerabilities

Date: May 3, 2012

Our guest speakers from Frost&Sullivan Olga Yashkova, Program Manager-North America Communications Test & Measurement Practice, and Srihari Padmanabhan, Senior Research Analyst will discuss Advanced Persistent Threats (APTs) and how sophisticated hackers use zero-day vulnerabilities.

> More information and Download / View

 


Codenomicon

Fuzzing 101 Webinar: Fuzzing in the cloud and Testing-as-a-Service

Date: April 12, 2012

Testing-as-a-Service is an emerging concept in security testing. Fuzzing has traditionally been used by highly skilled professional testers to find and fix unknown, zero-day vulnerabilities. The Testing-as-a-Service concept caters to organizations that do not have the time, resources or willingness to maintain testing teams specialized in fuzzing but want to ensure that their software is robust enough.

In this Fuzzing webcast our security specialist Antti Häyrynen will discuss the challenges, methods and results of testing-as-a-service testing. You will learn what the most typical misconceptions and the biggest threats are, and why fuzzing in the cloud is an effective method in vulnerability testing.

> More information and Download / View

 


Fuzzing 101 Webinar: Fuzz testing the Bluetooth systems

Date: Mar 7, 2012

Bluetooth technology is all around us. It is used in computers, mobile phones, handsfree equipment, even in the car audio systems. Bluetooth testing mostly focuses on conformance testing, and the security issues are handled with authentication and device pairing. Unfortunately, exploits or malfunctioning devices can cause serious problems with the device operation and service availability.

In this Fuzzing 101 webcast, our security specialist Tommi Mäkilä will discuss the challenges, methods and results of Bluetooth security testing. You will learn what the most typical misconceptions and the biggest threats for Bluetooth are, and why fuzzing is an effective method in Bluetooth testing.

> More information and Download / View

 


Fuzzing 101 Webinar: Defensics X Features and Live Demonstration

Date: November 29, 2011

Codenomicon, the leading vendor of proactive security testing solutions, recently announced the release of Defensics X, the latest version of their security and robustness testing software. The major update introduces better coverage through infinite test case generation and usability enhancements on the user interface. Improved interoperability checks quickly adapt the tests to any test environment. Finally, new reporting functionality makes it faster to resolve all the discovered zero-day vulnerabilities.

In this webcast we will go through the key features in Defensics X, and demonstrate how the Defensics fuzzing platform is configured and used in a live test setup.

> More information and Download / View

 


 

Codenomicon

Fuzzing 101 Webinar: Developing secure NGN infrastructure

Date: September 27, 2011

Next Generation Networks (NGNs) provide a rich range of IP-based services for telecommunications operators, including voice, data, video, TV and messaging. The use of IP protocols as the foundation of NGNs gives great flexibility, but also exposes the networks to all the security threats found on the Internet. In this webcast, our guest speaker Principal Analyst Graham Titterington from Ovum will present the findings of Developing secure NGN infrastructure. For the research, Mr. Titterington interviewed nine NGN service providers and vendors serving this market. The interviews were conducted with technical experts in each of the companies, all of whom currently use Codenomicon Defensics fuzz testing security products.

You will learn how Ovum's whitepaper was able to identify the value of fuzz testing via analysis of the security issues relating to NGNs, how businesses are working to reduce these risks, the range of security testing approaches available and company-specific case studies.

> More information and Download / View

 


 

Codenomicon

Fuzzing 101 Webinar: Test Planning with Attack Vector Prioritization

Date: September 13, 2011

The complexity of modern-day networks is overwhelming for people conducting security assessments, especially in the area of telecommunications. In an ideal world, all available interfaces would be tested, but in reality, budgets, deployment schedules and the availability of tools often impose limitations on what is feasible. In order to perform security testing efficiently yet thoroughly and reliably, it is necessary to prioritize the test targets to make sure that the critical interfaces are properly tested and that resources are not wasted on testing issues that are trivial in the particular system under test.

In this webcast, we will introduce a simple way of combining attack vector and attack surface analysis with the Common Vulnerability Scoring System (CVSS) for prioritizing the interfaces and facilitating the test planning, using IMS as an example. The IMS architecture is defined by logical network entities interconnected to each other by interfaces. We will demonstrate how, based on attack surface analysis, certain IMS interfaces were selected for closer examination, and how they were then prioritized according to the CVSS exploitability and impact metrics.

> More information and Registration

 


 

Codenomicon

Fuzzing 101 Webinar: Fuzz testing the Bluetooth systems

Date: June 14, 2011

Bluetooth technology is all around us. It is used in computers, mobile phones, handsfree equipment, even in the car audio systems. Bluetooth testing mostly focuses on conformance testing, and the security issues are handled with authentication and device pairing. Unfortunately, exploits or malfunctioning devices can cause serious problems with the device operation and service availability.

In this Fuzzing 101 webcast, our security specialist Tommi Mäkilä will discuss the challenges, methods and results of Bluetooth security testing. You will learn what the most typical misconceptions and the biggest threats for Bluetooth are, and why fuzzing is an effective method in Bluetooth testing.

> More information and Registration

 


 

Codenomicon Forrester Research

Fuzzing 101 Webinar: Fuzz your infrastructure - the blackhats are doing it, shouldn't you?

Date: April 12, 2011

Zero-day (a.k.a. unknown) vulnerabilities are the Achilles heel of IT security; attacks exploiting zero-days have a free license to wreak havoc in a business environment. Current vulnerability discovery technologies typically focus on managing known vulnerabilities, and do not in themselves constitute a complete vulnerability management strategy.

In this Fuzzing 101 webcast, our guest speaker is the VP and principal analyst Dr. Chenxi Wang from Forrester Research Inc. She will discuss the concept of "fuzzing your infrastructure". Fuzzing is a technique that is often used to discover zero-day vulnerabilities. The bad guys are using fuzzing constantly; shouldn't you know how to use it to your advantage?

In this webcast you will learn how to incorporate fuzzing in your vulnerability management strategy, where and when to do fuzzing, and the criteria via which to select an effective fuzzing tool.

> More information and Download / View

 


 

Codenomicon

Fuzzing 101 Webinar: Unknown Vulnerability Management for Telecommunications

Date: March 15, 2011

Telecommunication networks used to be very hard to attack, but the introduction of all-IP Next Generation Networks (NGNs) and new, more powerful access technologies opens the previously closed telco networks to the risks of the Internet. The transition from the matured IPv4 to the new standard, IPv6, only increases this risk. Together with other new technologies, like IPTV and VoIP, it increases the likelihood of new and unique vulnerabilities in software.

In this webinar, we look at 3G/4G-LTE networks, legacy technologies, Smartphones and Triple-Play services and demonstrate how Denial of Service Attacks, mobile botnets and data theft can be prevented by finding critical vulnerabilities proactively.

> More information and Download / View


 


 

Codenomicon

Fuzzing 101 Webinar: Unknown Vulnerability Management: Reporting and Mitigation

Date: February 10, 2011

The security of enterprise networks is based on blind trust in vendors' product security practices. But based on our studies at Code Labs, the majority of enterprise software has minimal or no security built in. With Codenomicon Defensics, enterprise users can gain visibility into the true security and reliability of third-party developments by either running black-box tests themselves or insisting that vendors use Codenomicon Defensics or similar fuzzing tools.

Codenomicon's Unknown Vulnerability Management Lifecycle consists of four phases: Analysis, Testing, Reporting and Mitigation. This webcast will focus on the last two phases, Reporting and Mitigation.

In this webcast we will look at how collaborative tools can be used to share test environments and documentation between enterprises and vendors. You will learn how to generate different types of reports for different audiences, augment test case documentation with PCAP traffic recordings and use the Remediation Package to report findings to third parties, such as vendors. You will also see how test case documentation can be used to create tailored IDS/IPS rules to block possible zero-day attacks.

> More information and Download / View


 


 

Codenomicon

Fuzzing 101 Webinar: Unknown Vulnerability Management and Testing

Date: January 20, 2011

In all forms of cyber attacks, the initial access into the system or device is enabled by a vulnerability in the code. Unknown Vulnerability Management is the process of proactively identifying and mitigating threats caused by unknown vulnerabilities. It is applicable both before and after deployment and can be used to ensure the security and robustness of both in-house and third party software productions.

Codenomicon's Unknown Vulnerability Management Lifecycle consists of four phases: Analysis, Testing, Reporting and Mitigation. This webcast will focus on the second phase, Testing. Learn how you can run multiple Defensics test suites simultaneously and discover both known and previously unknown vulnerabilities with unparalleled efficiency.

> More information and Download / View


 


 

Codenomicon

Fuzzing 101 Webinar: Attack Surface Analysis

Date: December 8, 2010

The greatest security challenge for enterprises today is discovering attack vectors created by unknown vulnerabilities lurking in software. By recording actual traffic in your network and examining it, you can reveal vulnerable interfaces that you were not aware of and even discover possible zero-day exploits in action. We will demonstrate the use of Network Analyzer-based analysis techniques to map the attack surface from real network traffic and to determine what needs to be tested within your network. Our product, Codenomicon Network Analyzer, records traffic at multiple points in your network, so it can capture the entire traffic in your network. It then automatically creates visualizations illustrating different aspects of the captured data. You can drill up and down from looking at high-level visualizations to inspecting the corresponding packet data, even in real time, and reveal hidden interfaces and possible exploits. These scenarios can then easily be integrated into your security testing.

> More information and Download / View


 


 

Codenomicon

Fuzzing 101 Webinar: Fuzzing Performance

Date: November 10, 2010

In this webcast, we explore the field of high-speed robustness testing and performance testing. We will demonstrate how turn-key Fuzzing solutions can be used to generate more simultaneous attacks and to run more test cases in parallel enabling you to run more tests, which means that you can test more things and find more bugs. As a case study, we examine the performance of the Codenomicon Defensics 3 test tools in different test setups to see how resource constraints and bottlenecks, such as test target behavior and the amount of CPU, memory and network connections available, affect the performance of the test configurations. The goal is to help testers to achieve better test performance, when using fuzzing tools in load, stress and denial of service testing.

> More information and Download / View


 


 

Codenomicon

Fuzzing 101 Webinar: Zero Day Vulnerability Management

Date: July 6, 2010

In this webcast, we explore the process of zero-day vulnerability management from initial threat analysis to automated detection and remediation. We will demonstrate how easy it is to detect attack vectors and to quickly assess the reliability and security of those interfaces using general purpose fuzzing solutions. We will also show you how you can complement these solutions with known vulnerability data and do patch verification easily and cost-effectively. Finally, we will discuss how you can tailor your defenses to block zero day attacks, which is a key aspect of vulnerability management.

> More information and Download / View


 


 

Codenomicon

Fuzzing 101 Webinar: Fuzzing Use Cases

Date: June 8, 2010

Codenomicon has been involved with Fuzzing since 1996, and works with almost all industries on improving the security of a wide range of communication products and services. In this webcast, we have invited analysts from Frost & Sullivan to explain how they see the security market today, and how it is improving this year. Codenomicon will then present two case studies, one with the SDLC view of how the industry uses fuzzing today, and another on the results of a Crash Test Party where 30 students tested a wide range of products with state-of-the-art fuzzing tools.

> More information and registration


 


 

Codenomicon

Fuzzing 101 Webinar: Fuzzing in the SDLC

Date: April 14-15, 2010

Codenomicon participated in the Blackhat webcast together with other new members of the SDL Pro Network. Codenomicon will provide a more extensive presentation for our customers and contacts. In this presentation, we will look at security and robustness testing in the various phases of the SDLC. Fuzzing is typically used in the Verification/Testing phase of the SDLC. This presentation explains how fuzzing can be used in the earlier stages of the software development process, for example, in unit testing. In addition, we will look at agile testing practices. In agile software development processes, fuzzing is performed in testing and verification related tasks in the agile development cycle.

> More information and registration


 


 

Codenomicon Forrester Research Cigital

Webinar: Fuzzing 101

  • First Look: What Fuzzing Can Do For Product Security
  • Date: March 31st 2009, 1 PM EST

Fuzzing is a black-box testing technique for catching security problems in software. Fuzzing is used as a proactive security assessment technique by both penetration testers and quality assurance specialists. But the real market data on how Fuzzing has been used has been missing, until now. Codenomicon has invited two leading experts to explore this omission.

> More information and registration


 


 

CM Crossroads

Steve Hayes talks about Defensics 3.0 at STAREAST 2008

  • Date: 11 June 2008
  • Speaker: Steve Hayes

Steve Hayes, Business Development, Codenomicon, talks about Defensics 3.0 at STAREAST 2008. Interview by CM Crossroads / Megan O'Meara

> View video


 


 

CNET

Codenomicon CTO discusses tackling vulnerabilities

Published: May 30, 2008

CNET's Robert Vamosi speaks with Ari Takanen of Codenomicon about whether companies do a good job of finding and fixing their own vulnerabilities.

> read more!
> listen podcast!

 


 

Software Test & Performance

Fuzzing First: Customers are Not Crash Test Dummies

A Software Test and Performance Magazine Webinar
Wednesday, May 28, 2008, 12:00 p.m. EDT / 9:00 a.m. PDT

Moderator: Edward J. Correia, Editor, Software Test & Performance
Speakers: David Rice, Director of The Monterey Group, internationally recognized information security professional and author, and Ari Takanen, founder and CTO of Codenomicon

more information & registration >

 


 

Virtually Informed

Ari Takanen on software security at Infosec Europe

  • Date: April 2008
  • Speaker: Ari Takanen

Ari Takanen, CTO, Codenomicon, speaks at Infosec Europe April 2008 on software security. Interview by Virtually Informed.

> View videos


 


 

HOW TO TEST FOR SOFTWARE VULNERABILITIES

  • 16 April, at 9:00 am PT/Noon ET
  • Speakers:
    Jon Oltsik, Senior Analyst, Information Security, Enterprise Strategy Group
    Howard A. Schmidt, Board Member, Codenomicon
  • Topic: This webinar will bring together the views of the industry on how software vulnerabilities are proactively found and resolved in software and services.

REGISTER NOW!

 


 

FS   Software Test & Performance

Webcast with Frost & Sullivan: Robustness Test Impact on Quality, Security and Resiliency; Drivers, Considerations, Best Practices and Innovations

Host: Edward J. Correia, Editor SD Times
Speakers: Jessy F. Cavazos, Test & Measurement Industry Manager, Frost & Sullivan; Heikki Kortti, Security Test Specialist, Codenomicon Ltd.

Wednesday, October 31, 2007; 12 pm US EST / 9 am US PST / 5 pm London

Sign up now >

 


 

forrester   SearchSecurity.com

Webcast with Forrester Research: Security & Robustness Testing Justification; Solution Fit, Cost/Benefit and Success Factors

Speakers: Dr. Chenxi Wang, Principal, Forrester Research; Heikki Kortti, Security Test Specialist, Codenomicon Ltd.

Monday, November 5, 2007; 12 pm US EST / 9 am US PST / 5 pm London

Sign up now >

 


 

RECORDED - October 2007
Securing Code
Heikki Kortti, Codenomicon

tech forum live

 


 

RECORDED - March 2007
Understanding New Attack Vectors
Ari Takanen, CTO, Codenomicon
