"The Codenomicon tools are amazing. Using them is like being attacked by the most relentless adversary who uses every possible method to find flaws in your code
We fixed subtle crash bugs in Samba that had been in the code for over ten years. We would never have found those bugs without the Codenomicon tools.
If you're serious about implementing protocols correctly, you need the Codenomicon tools."
-- Jeremy Allison,
Co Creator of Samba
Webcasts and Podcasts
Fuzzing 101 Webinar: Defensics X Features and Live Demonstration
Date: November 29, 2011
Codenomicon, the leading vendor of proactive security testing solutions, recently announced the release of Defensics X, the latest version of their security and robustness testing software. The major update introduces better coverage through infinite test case generation and usability enhancements on the user interface. Improved interoperability checks quickly adapt the tests to any test environment. Finally, new reporting functionality makes it faster to resolve all the discovered zero-day vulnerabilities.
In this webcast we will go through the key features in Defensics X, and demonstrate how Defensics fuzzing platform is configured and used in a live test setup.
> More information and Download / View
Fuzzing 101 Webinar: Developing secure NGN infrastructure
Date: September 27, 2011
Next Generation Networks (NGNs) provide a rich range of IP-based services for telecommunications operators, including voice, data, video, TV and messaging. The use of IP protocols as the foundation of NGNs gives great flexibility, but also exposes the networks to all the security threats found on the Internet. In this webcast, our guest speaker Principal Analyst Graham Titterington from Ovum will present the findings of Developing secure NGN infrastructure. For the research, Mr. Titterington interviewed nine NGN service providers and vendors serving this market. The interviews were conducted with technical experts in each of the companies, all of whom currently use Codenomicon Defensic fuzz testing security products.
You will learn how Ovum's whitepaper was able to identify the value of fuzz testing via analysis of the security issues relating to NGNs, how businesses are working to reduce these risks, the range of security testing approaches available and company-specific case studies.
> More information and Registration
Fuzzing 101 Webinar: Test Planning with Attack Vector Prioritization
Date: September 13, 2011
The complexity of modern day networks are overwhelming for people conducting security assessment in especially in the area of telecommunications. In an ideal world, all available interfaces would be tested, but in reality, budgets, deployment schedules and the availability of tools often impose limitations on what is feasible. In order to perform security testing efficiently yet thoroughly and reliably, it is necessary to prioritize the test targets to make sure that the critical interfaces are properly tested and the resources are not wasted on testing issues that are trivial in the particular system under test.
In this webcast, we will introduce a simple way of combining attack vector and attack surface analysis to Common Vulnerability Scoring System (CVSS) for prioritizing the interfaces and facilitating the test planning using IMS as an example. The IMS architecture is defined by logical network entities interconnected to each other by interfaces. We will demonstrate how, based on attack surface analysis, certain IMS interfaces were selected for closer examination, and how they were then prioritized according to the CVSS exploitability and impact metrics.
> More information and Registration
Fuzzing 101 Webinar: Fuzz testing the Bluetooth systems
Date: June 14, 2011
Bluetooth technology is all around us. It is used in computers, mobile phones, handsfree equipment, even in the car audio systems. Bluetooth testing mostly focuses on conformance testing, and the security issues are handled with authentication and device pairing. Unfortunately, exploits or malfunctioning devices can cause serious problems with the device operation and service availability.
In this Fuzzing 101 webcast, our security specialist Tommi Mäkilä will discuss the challenges, methods and results of Bluetooth security testing. You will learn what are the most typical misconceptions and the biggest threats for Bluetooth, and why fuzzing is an effective method in Bluetooth testing.
> More information and Registration
Fuzzing 101 Webinar: Fuzz your infrastructure - the blackhats are doing it, shouldn't you?
Date: April 12, 2011
Zero-day (a.k.a. unknown) vulnerabilities are the achilles heel for IT security; attacks exploiting zero-days have a free license to wreak havoc in a business environment. Current vulnerability discovery technologies typically focus on managing known vulnerabilities, and does not in itself constitute a complete vulnerability management strategy.
In this Fuzzing 101 webcast, our guest speaker is the VP and principal analyst Dr. Chenxi Wang from Forrester Research Inc. She will discuss the concept of "fuzzing your infrastructure". Fuzzing is a technique that is often used to discover zero-day vulnerabilities. The bad guys are using fuzzing constantly; shouldn't you know how to use it to your advantage?
In this webcast you will learn how to incorporate fuzzing in your vulnerability management strategy, where and when to do fuzzing, and the criteria via which to select an effective fuzzing tool.
> More information and Download / View
Fuzzing 101 Webinar: Unknown Vulnerability Management for Telecommunications
Date: March 15, 2011
Telecommunication networks used to be very hard to attack, but the introduction of all-IP Next Generation Networks (NGNs) and new more powerful access technologies open the previously closed Telco networks to the risks of the internet. The transition from the matured IPv4 to the new standard, IPv6, only increases this risk. Together with other new technologies, like IPTV and VoIP, it increases the likelihood of new and unique vulnerabilities in software.
In this webinar, we look at 3G/4G-LTE networks, legacy technologies, Smartphones and Triple-Play services and demonstrate how Denial of Service Attacks, mobile botnets and data theft can be prevented by finding critical vulnerabilities proactively.
> More information and Download / View
Fuzzing 101 Webinar: Unknown Vulnerability Management: Reporting and Mitigation
Date: February 10, 2011
Security of enterprise networks is based on blind trust to vendor's product security practices. But based on our studies at Code Labs, majority of enterprise software have minimal or no security built-in. With Codenomicon Defensics, enterprise users can gain visibility on the true security and reliability of third party developments by either running black-box tests themselves or insisting that vendors use Codenomicon Defensics or similar fuzzing tools.
The Codenomicon's Unknown Vulnerability Management Lifecycle consists of four phases: Analysis, Testing, Reporting and Mitigation. This webcast will focus on the last two phases, Reporting and Mitigation.
In this webcast we will look at how collaborative tools can be used to share test environments and documentation between enterprises and vendors.You will learn how generate different types of reports for different audiences, augment test case documentation with PCAP traffic recordings and to use the Remediation Package to report findings to third parties, such as vendors. You will also see how test case documentation can be used to create tailored IDS/IPS rules to block possible zero-day attacks.
> More information and Download / View
Fuzzing 101 Webinar: Unknown Vulnerability Management and Testing
Date: January 20, 2011
In all forms of cyber attacks, the initial access into the system or device is enabled by a vulnerability in the code. Unknown Vulnerability Management is the process of proactively identifying and mitigating threats caused by unknown vulnerabilities. It is applicable both before and after deployment and can be used to ensure the security and robustness of both in-house and third party software productions.
The Codenomicon's Unknown Vulnerability Management Lifecycle consists of four phases: Analysis, Testing, Reporting and Mitigation. This webcast will focus on the second phase, Testing. Learn how you can run multiple Defensics test suites simultaneously and discover both known and previously unknown vulnerabilities with unparalleled efficiency.
> More information and Download / View
Fuzzing 101 Webinar: Attack Surface Analysis
Date: December 8, 2010
The greatest security challenge for enterprises today is discovering attack vectors created by unknown vulnerabilities lurking in software. By recording actual traffic in your network and examining it, you can reveal vulnerable interfaces that you were not aware of and even discover possible zero-day exploits in action. We will demonstrate the use of Network Analyzer -based analysis techniques to map the attack surface from real network traffic and to determine what needs to be tested within your network. Our product, Codenomicon Network Analyzer, records traffic at multiple points in your network, thus it can capture the entire traffic in your network. It then automatically creates visualizations illustrating different aspects of the captured data. You can drill up and down from looking at high-level visualizations to inspecting the corresponding packet data, even in real time, and reveal hidden interfaces and possible exploits. These scenarios can then easily be integrated to your security testing.
> More information and Download / View
Fuzzing 101 Webinar: Fuzzing Performance
Date: November 10, 2010
In this webcast, we explore the field of high-speed robustness testing and performance testing. We will demonstrate how turn-key Fuzzing solutions can be used to generate more simultaneous attacks and to run more test cases in parallel enabling you to run more tests, which means that you can test more things and find more bugs. As a case study, we examine the performance of the Codenomicon Defensics 3 test tools in different test setups to see how resource constraints and bottlenecks, such as test target behavior and the amount of CPU, memory and network connections available, affect the performance of the test configurations. The goal is to help testers to achieve better test performance, when using fuzzing tools in load, stress and denial of service testing.
> More information and Download / View
Fuzzing 101 Webinar: Zero Day Vulnerability Management
Date: July 6, 2010
In this webcast, we explore the process of zero-day vulnerability management from initial threat analysis to automated detection and remediation. We will demonstrate how easy it is to detect attack vectors and to quickly assess the reliability and security of those interfaces using general purpose fuzzing solutions. We will also show you how you can complement these solutions with known vulnerability data and do patch verification easily and cost-effectively. Finally, we will discuss how you can tailor your defenses to block zero day attacks, which is a key aspect of vulnerability management.
> More information and Download / View
Fuzzing 101 Webinar: Fuzzing Use Cases
Date: June 8, 2010
Codenomicon has been involved with Fuzzing since 1996, and works with almost all industries on improving the security of a wide range of communication products and services. In this webcast, we have invited analysts from Frost & Sullivan to explain how they see the security market today, and how it is improving this year. Codenomicon will then present two case studies, one with the SDLC view of how the industry uses fuzzing today, and another on the results of a Crash Test Party where 30 students tested a wide range of products with state-of-the-art fuzzing tools.
> More information and registration
Fuzzing 101 Webinar: Fuzzing in the SDLC
Date: April 14-15, 2010
Codenomicon participated in the Blackhat webcast together with other new members of the SDL Pro Network. Codenomicon will provide a more extensive presentation for our customers and contacts. In this presentation, we will look at security and robustness testing in the various phases of the SDLC. Fuzzing is typically used in the Verification/Testing phase of the SDLC. This presentation explains how fuzzing can be used in the earlier stages of the software development process, for example, in unit testing. In addition, we will look at agile testing practices. In agile software development processes, fuzzing is performed in testing and verification related tasks in the agile development cycle.
> More information and registration
Webinar: Fuzzing 101
- First Look: What Fuzzing Can Do For Product Security
- Date: March 31st 2009, 1 PM EST
Fuzzing is a black-box testing technique for catching security problems in software. Fuzzing is used as a proactive security assessment technique by both penetration testers and quality assurance specialists. But the real market data on how Fuzzing has been used has been missing, until now. Codenomicon has invited two leading experts to explore this omission.
> More information and registration
Steve Hayes talks about Defensics 3.0 at STAREAST 2008
- Date: 11 June 2008
- Speaker: Steve Hayes
Steve Hayes, Business Development, Codenomicon, talks about Defensics 3.0 at STAREAST 2008. Interview by CM Crossroads / Megan O'Meara
Codenomicon CTO discusses tackling vulnerabilities
Published: May 30, 2008
CNET's Robert Vamosi speaks with Ari Takanen of Codenomicon about whether companies do a good job of finding and fixing their own vulnerabilities.
> read more!
> listen podcast!
Fuzzing First: Customers are Not Crash Test Dummies
A Software Test and Performance Magazine Webinar
Wednesday, May 28, 2008, 12:00p.m. EDT / 9:00 a.m. PDT
Moderator: Edward J. Correia , Editor, Software Test & Performance
Speakers: David Rice, Director of The Monterey Group, internationally recognized information security professional and author and
Ari Takanen, founder and CTO of Codenomicon
more information & registration >
Ari Takanen on software security at Infosec Europe
- Date: April 2008
- Speaker: Ari Takanen
Ari Takanen, CTO, Codenomicon, speaks at Infosec Europe April 2008 on software security. Interview by Virtually Informed.
HOW TO TEST FOR SOFTWARE VULNERABILITIES
- 16 April, at 9:00 am PT/Noon ET
- Speakers:
Jon Oltsik, Senior Analyst, Information Security, Enterprise Strategy Group
Howard A. Schmidt, Board Member, Codenomicon - Topic: This webinar will bring together the views of the industry on how software vulnerabilities are proactively found and resolved in software and services.
Host: Edward J. Correia, Editor SD Times
Speakers: Jessy F. Cavazos, Test & Measurement Industry Manager, Frost &
Sullivan; Heikki Kortti, Security Test Specialist, Codenomicon Ltd.
Wednesday, October 31, 2007; 12 pm US EST / 9 am US PST / 5 pm London
Speakers: Dr. Chenxi Wang, Principal, Forrester Research; Heikki Kortti, Security Test Specialist, Codenomicon Ltd.
Monday, November 5, 2007; 12 pm US EST / 9 am US PST / 5 pm London
RECORDED - October 2007
Securing Code
Heikki Kortti, Codenomicon
RECORDED - March 2007
Understanding New Attack Vectors
Ari Takanen, CTO, Codenomicon
