"The Codenomicon tools are amazing. Using them is like being attacked by the most relentless adversary who uses every possible method to find flaws in your code

We fixed subtle crash bugs in Samba that had been in the code for over ten years. We would never have found those bugs without the Codenomicon tools.

If you're serious about implementing protocols correctly, you need the Codenomicon tools."

-- Jeremy Allison,
   Co Creator of Samba


Security Auditing Services

Attack surface analysis

Organizations typically have complex networks with more exposed interfaces than they are aware of. These interfaces can be revealed by recording and analyzing real traffic in the network to determine the potential attack vectors.

The attack surface analysis is a starting point for mapping threats and understanding the exposure of a system.

Codenomicon Network Analyzer records traffic at multiple points in your network capturing the entire traffic. It automatically creates visualizations illustrating different aspects of the captured data. You can drill up and down from looking at high-level visualizations to inspecting the corresponding packet data, also in real time, and reveal hidden interfaces and even possible exploits.

Security audit

Codenomicon service solution provides fuzzing, robustness and security audit services on all relevant levels: a specific Interface (a single protocol/attack vector), a specific box (multiple protocols/attack vectors), or a complex system (multiple protocols/attack vectors). When going beyond a specific interface our service is based on attack surface analysis.

Once vulnerabilities are found, we assist in the mitigation through reconfiguration or workaround, and facilitate fixing the root causes behind discovered vulnerabilities.

Vulnerability reporting

The most challenging tasks in vulnerability reporting are in the reproduction of found vulnerabilities, and in communication with vendors. Codenomicon works with a majority of software vendors and device manufacturers, and has trusted contacts that make this communication process less problematic.

Tools that are used to reproduce the vulnerabilities will have a direct impact to the reporting challenges. Management reports provide high-level overview of the test execution. Log files and spreadsheets help in identifying troublesome tests and minimize false negatives in tests. Test case documentation can be complemented with PCAP traffic recordings for easy technical analysis of individual tests. And finally, all important information can automatically be collected in a Remediation Package, which can be sent to third parties for automated reproduction.

Security audit management (Advanced)

Interpreting the auditing reports can sometimes be very difficult, especially when they come in different formats from different audit vendors - with different audit techniques and focus areas.

Codenomicon has bundled together the right infrastructure, tools and services for you to get more out of your security audits. With our help you will gain improved situational awareness during and between the audits, develop more efficient workflows, and discover novel ways to discover hidden risks through combined results from different tools.

Codenomicon has a network of contacts and partners in case you need help in choosing your security vendors and consultants, or if you need a third party review of the security audit process or results.

Contact us

If you would like to know more about our audit services, contact us at sales@codenomicon.com.