"The Codenomicon tools are amazing. Using them is like being attacked by the most relentless adversary who uses every possible method to find flaws in your code

We fixed subtle crash bugs in Samba that had been in the code for over ten years. We would never have found those bugs without the Codenomicon tools.

If you're serious about implementing protocols correctly, you need the Codenomicon tools."

-- Jeremy Allison,
   Co-Creator of Samba


For Developers

Quality Means Robustness. Robustness Means Security.

Codenomicon produces state-of-the-art black-box negative testing solutions for improving the quality of software implementations. Codenomicon leverages its in-depth understanding of infrastructure, network and application protocols, flaws and test methodology to provide a simple yet unparalleled security and robustness assurance solution.

Problem

The cost and expertise required to develop and maintain secure testing best practices that help customers stay ahead of the threat still persist in the market. This is due to:

  • Flawed commercial, consumer and corporate applications
  • Increased development and deployment release pressures
  • Shortage of security resources and expertise
  • Unpredictable zero-day attacks, patches and system availability issues

Solution

The Codenomicon DEFENSICS test platform and its extensive library of protocol test software help make software, devices and services more robust, that is, more able to withstand anomalous inputs and stressful environmental conditions. Our preemptive fault discovery improves the overall dependability and security readiness of your system before malicious third parties have the chance to attack it, crash it or breach it.

Unlike code analyzers, web application analyzers and vulnerability scanners, the Codenomicon DEFENSICS test platform identifies device, software and service issues in advance of the threat, without requiring expert resources, source code access, in-depth product knowledge or additional test case definitions, and without materially prolonging test processes.

The DEFENSICS test software intelligently applies targeted attack patterns to application protocols to discover irregular responses, slower system reactions, terminated processes or system crashes, all of which can expose operational and security risks. By delivering targeted negative test parameters systematically, testers can quickly identify flaws, failures and vulnerabilities as well as validate bug resolution from the exact construct of a system under test.

Not only Internet-based protocols are vulnerable

While the testing of IP-based protocols remains crucial, it is only one potential attack surface in increasingly open systems. Implementation errors in the handling of wireless inputs or digital media can be equally harmful for target systems. Codenomicon DEFENSICS is the only security and robustness solution that methodically covers the testing of three critical attack vectors: network, wireless and digital media. This includes support for VoIP, Bluetooth, 3G, email and digital content such as JPEG images, MP3 audio and MPEG4 video.

 

[Figure: Vectors]

Constant development and updating ensure that DEFENSICS keeps up with new developments in protocol specifications and extensions. Our update process improves the already extensive test coverage through the prompt addition of new test cases for publicly reported security issues. In the majority of cases, zero-day and published threats are already covered by the available test cases powered by our Attack Simulation Engine.

Codenomicon test tools cost-effectively enhance the overall quality of code throughout the entire software development lifecycle.

 

[Figure: Defensics in the SDLC]

Codenomicon DEFENSICS addresses ISO development and test compliance due process standards. More importantly, identified exposures can be mitigated before liabilities and post-fix costs become significant. By extending rigorous test capability, developers can avoid costs associated with upgrades, patches, breaches, recalls and brand reputation damage.