"The Codenomicon tools are amazing. Using them is like being attacked by the most relentless adversary who uses every possible method to find flaws in your code.

We fixed subtle crash bugs in Samba that had been in the code for over ten years. We would never have found those bugs without the Codenomicon tools.

If you're serious about implementing protocols correctly, you need the Codenomicon tools."

-- Jeremy Allison,
   Co Creator of Samba


Fuzzing in Agile Software Development

"One of the greatest challenges for fuzzing and all types of test automation is how to integrate it with agile software development." - Ari Takanen, CTO, Codenomicon

Agile development is everywhere

There is not a single person involved in software development who has not heard of the Agile Manifesto. While the methods have been used in one form or another since the late 1950s, only recently has agile software development become mainstream. Although it might not be suitable for every project, it has certainly proved its worth in bringing new solutions and the right features to customers at the right time. The main goal of agile projects is to save time by developing customer-relevant features that add value and by getting things done with faster release cycles.

Testing processes to meet agile requirements

Though the manifesto highlights four indicators which should guide development teams, it is imperative to notice that their counterparts are not to be completely excluded. Preferring individuals and interactions over processes and tools does not mean that processes and tools are not needed or used at all. It just means that the testing processes need to be adapted to meet the agile requirements.

Introducing threat analysis and fuzzing in agile development models

Threat analysis and fuzzing are included in the traditional secure development lifecycle (SDL) models, but are missing from agile guidelines. Threat analysis should be added as a scrum backlog item, or its equivalent in other agile methods. In threat analysis, interfaces that can potentially be abused with malformed data are identified and selected as fuzzing targets. Reducing the number of test targets in this way saves time and testing resources. Once threat analysis is done properly in an agile team, developers usually start to assess possible threats against newly developed features automatically.

Codenomicon Defensics for agile fuzzing

Codenomicon Defensics is a model-based, fully automated fuzz testing platform. Defensics fuzz test suites integrated into an agile development process will improve software quality by finding vulnerabilities quickly and efficiently and by verifying the fixes during the regression testing phase. Cut costs by fixing vulnerabilities proactively and reducing the number of security patches needed.

Contact us! Send us an email at sales@codenomicon.com to learn more about fuzzing solutions for agile software development.
