"The Codenomicon tools are amazing. Using them is like being attacked by the most relentless adversary who uses every possible method to find flaws in your code.
We fixed subtle crash bugs in Samba that had been in the code for over ten years. We would never have found those bugs without the Codenomicon tools.
If you're serious about implementing protocols correctly, you need the Codenomicon tools."
-- Jeremy Allison,
Co-Creator of Samba
"One of the greatest challenges for fuzzing and all types of test automation is how to integrate it with agile software development." - Ari Takanen, CTO, Codenomicon
Agile development is everywhere
There is not a single person involved in software development who has not heard of the agile manifesto. While the methods have been used in one form or another since the late 1950s, only recently has agile software development become mainstream. Although it might not be suitable for every project, it has certainly proved its worth in bringing new solutions and the right features to customers at the right time. The main goal of agile projects is to save time by developing customer-relevant features that add value, and by getting things done with faster release cycles.
Testing processes to meet agile requirements
Though the manifesto highlights four indicators which should guide development teams, it is imperative to notice that their counterparts are not to be completely excluded. Preferring individuals and interactions over processes and tools does not mean that processes and tools are not needed or used at all. It just means that the testing processes need to be adapted to meet the agile requirements.
Introducing threat analysis and fuzzing in agile development models
Threat analysis and fuzzing are included in the traditional secure development lifecycle (SDL) models, but are missing from agile guidelines. Threat analysis should be added as a scrum backlog item, or its equivalent in other agile methods. In threat analysis, interfaces that can potentially be abused with malformed data are identified and selected as fuzzing targets. Reducing the number of test targets in this way saves time and testing resources. Once threat analysis is done properly in an agile team, developers usually start to automatically assess possible threats against newly developed features.
Codenomicon Defensics for agile fuzzing
Codenomicon Defensics is a model-based, fully automated fuzz testing platform. Defensics fuzz test suites integrated into an agile development process will improve software quality by finding vulnerabilities quickly and efficiently and by verifying the fixes during the regression testing phase. Cut costs by fixing the vulnerabilities proactively and reducing the number of security patches needed.