"The Codenomicon tools are amazing. Using them is like being attacked by the most relentless adversary who uses every possible method to find flaws in your code

We fixed subtle crash bugs in Samba that had been in the code for over ten years. We would never have found those bugs without the Codenomicon tools.

If you're serious about implementing protocols correctly, you need the Codenomicon tools."

-- Jeremy Allison,
   Co-Creator of Samba



Unknown Vulnerability Management

Webcasts

Welcome to Codenomicon's online resources on Unknown Vulnerability Management. We have listed some of our past webcasts that might interest you below. We also encourage you to browse through other material on our web site.

Fuzzing 101 Webinar: Fuzz your infrastructure - the blackhats are doing it, shouldn't you?

Date: April 12, 2011

Zero-day (a.k.a. unknown) vulnerabilities are the Achilles heel of IT security; attacks exploiting zero-days have a free license to wreak havoc in a business environment. Current vulnerability discovery technologies typically focus on managing known vulnerabilities, and do not in themselves constitute a complete vulnerability management strategy.

In this Fuzzing 101 webcast, our guest speaker is the VP and principal analyst Dr. Chenxi Wang from Forrester Research Inc. She will discuss the concept of "fuzzing your infrastructure". Fuzzing is a technique that is often used to discover zero-day vulnerabilities. The bad guys are using fuzzing constantly; shouldn't you know how to use it to your advantage?

In this webcast you will learn how to incorporate fuzzing into your vulnerability management strategy, where and when to do fuzzing, and the criteria for selecting an effective fuzzing tool.

More information and Download / View:
> http://www.codenomicon.com/resources/webcasts/20110412.shtml

Fuzzing 101 Webinar: UVM Phase 1: Attack Surface Analysis

Date: December 8, 2010

The greatest security challenge for enterprises today is discovering attack vectors created by unknown vulnerabilities lurking in software. By recording actual traffic in your network and examining it, you can reveal vulnerable interfaces that you were not aware of and even discover possible zero-day exploits in action. We will demonstrate the use of Network Analyzer-based analysis techniques to map the attack surface from real network traffic and to determine what needs to be tested within your network. Our product, Codenomicon Network Analyzer, records traffic at multiple points in your network, so it can capture all of the traffic in your network. It then automatically creates visualizations illustrating different aspects of the captured data. You can drill up and down from high-level visualizations to the corresponding packet data, even in real time, and reveal hidden interfaces and possible exploits. These scenarios can then easily be integrated into your security testing.

More information and Download / View:
> http://www.codenomicon.com/resources/webcasts/20101208.shtml

Fuzzing 101 Webinar: UVM Phase 2: Security Testing

Date: January 20, 2011

In all forms of cyber attacks, the initial access into the system or device is enabled by a vulnerability in the code. Unknown Vulnerability Management is the process of proactively identifying and mitigating threats caused by unknown vulnerabilities. It is applicable both before and after deployment and can be used to ensure the security and robustness of both in-house and third party software productions.

Codenomicon's Unknown Vulnerability Management Lifecycle consists of four phases: Analysis, Testing, Reporting and Mitigation. This webcast will focus on the second phase, Testing. Learn how you can run multiple Defensics test suites simultaneously and discover both known and previously unknown vulnerabilities with unparalleled efficiency.

More information and Download / View:
> http://www.codenomicon.com/resources/webcasts/20110120.shtml

Fuzzing 101 Webinar: UVM Phases 2 and 4: Reporting and Mitigation

Date: February 10, 2011

The security of enterprise networks is based on blind trust in vendors' product security practices. But based on our studies at Code Labs, the majority of enterprise software has minimal or no security built in. With Codenomicon Defensics, enterprise users can gain visibility into the true security and reliability of third-party developments by either running black-box tests themselves or insisting that vendors use Codenomicon Defensics or similar fuzzing tools.

Codenomicon's Unknown Vulnerability Management Lifecycle consists of four phases: Analysis, Testing, Reporting and Mitigation. This webcast will focus on the last two phases, Reporting and Mitigation.

In this webcast we will look at how collaborative tools can be used to share test environments and documentation between enterprises and vendors. You will learn how to generate different types of reports for different audiences, augment test case documentation with PCAP traffic recordings, and use the Remediation Package to report findings to third parties, such as vendors. You will also see how test case documentation can be used to create tailored IDS/IPS rules to block possible zero-day attacks.

More information and Download / View:
> http://www.codenomicon.com/resources/webcasts/20110210.shtml

Fuzzing 101 Webinar: Zero Day Vulnerability Management

Date: July 6, 2010

In this webcast, we explore the process of zero-day vulnerability management from initial threat analysis to automated detection and remediation. We will demonstrate how easy it is to detect attack vectors and to quickly assess the reliability and security of those interfaces using general-purpose fuzzing solutions. We will also show you how you can complement these solutions with known vulnerability data and do patch verification easily and cost-effectively. Finally, we will discuss how you can tailor your defenses to block zero-day attacks, which is a key aspect of vulnerability management.

More information and Download / View:
> http://www.codenomicon.com/resources/webcasts/20100706.shtml