Better Software - June 2008 - (Page COD4)

Codenomicon whitepaper: How to integrate FUZZING and security testing into SDLC 3 Security Test Product of the Year 2008 By Juan Rosales, research analyst, Frost and Sullivan The 2008 Frost & Sullivan Award for Product of the Year in the World security test market is presented to Codenomicon Ltd. (Codenomicon) in recognition of DEFENSICS 3.0, the most recent version of the company’s flagship software-based test platform targeted at developers, service providers, and enterprises who deal with a variety of interfaces in the network equipment they make or utilize in their networks. Providing preemptive security and robustness testing for Internet, wireless and digital media systems, DEFENSICS 3.0 covers over 140 network protocols, digital media formats, and wireless interfaces, allowing for fast test execution. Extremely user-friendly, DEFENSICS 3.0 features a new and improved graphical user interface (GUI) that enables technicians to control multiple test runs from a single interface. The new platform also allows for easy migration from version 2.0, with each important test tool receiving a full update. Furthermore, DEFENSICS 3.0 has improved upon the test coverage capabilities of its preceding versions, allowing the end users to alter their test cases based on time and priority while producing custom tests. As a result, DEFENSICS 3.0 is poised to be a premier solution for robustness testing in security test applications. Headquartered in Oulu, Finland, Codenomicon markets its testing software and services directly and through international partners. Codenomicon’s customers include Alcatel-Lucent, AT&T, Cisco Systems, F5 Networks, Nordea, Nortel, Microsoft and Siemens AG among many others. The company is privately held with investments from Eqvitec Partners and Prime Technology Ventures. Codenomicon, whose main objective is to ensure the security and robustness of any application or service implementation, has been recognized by the industry for its innovations in systematic blackbox negative testing. Development and security personnel in lab or staged environments utilize Codenomicon’s DEFENSICS platform to fortify quality and security assurance- quickly, easily and reliably. The test software features a systematic blackbox and negative test methodology uniquely capable of revealing undesired behavior and issues in protocol implementations. Codenomicon teams its Protocol Modeling Engine and Attack Simulation Engine with protocol support that covers network, wireless, and digital media. Thousands of pre-built, highly targeted, and well-documented test cases allow users to see results as soon as the platform is connected to the target system – accelerating time-to-value. Codenomicon’s test tools benefit all end-users in the software, networking, service provider and defense industry. Developers can cut development and maintenance costs by catching bugs early in the software development lifecycle, while operators can test and compare software from different vendors and fix any outstanding bugs. Enterprises and independent labs can test the robustness of software to provide insights for purchase decisions or risk analysis. Among DEFENSICS 3.0’s most important business-related benefits is its ability to enable vendors, carriers, and enterprises to identify and fix security flaws and quality issues pre-emptively. This process, which is performed via intelligent negative testing and maintained RFC coverage, ensures that such flaws are eliminated before they can be discovered by third parties. Also, the inclusion of automated, ready-made tests removes the need for end users to learn new frameworks or to design tests from scratch. DEFENSICS 3.0 comes equipped with thousands of pre-defined, fully configurable test cases that are optimized to efficiently discover irregular responses, slower system reaction, or terminated processes or system crashes. By knowing only the test target protocol interfaces, DEFENSICS 3.0 users can readily start testing and experiencing immediate results. The most recent platform version also offers shorter test cycles than its predecessors. Furthermore, identified flaws are repeatable and traceable, and tests can be reused for regression purposes. Users have fully-integrated documentation, the exact test case construct, and input context to determine the main cause of any identified defects. DEFENSICS 3.0, which is a highly portable and scalable solution, allows for easy integration to satisfy end user needs. The platform runs on various operating systems and nominal hardware, including laptops. This software-only solution provides engineering and security professionals the flexibility to immediately test any system or device in field or lab settings. The software supports remote users, multiple sites, multiple protocols, external audits, and third-party license management systems. By making the system accessible to different teams and users, organizations can increase usage and optimize resources while reducing expert staff utilization, as well as extra travel and preparation costs. Much like with DEFENSICS 2.0, the current platform version covers many different interfaces and formats, enabling the testing of systems from link-level communications all the way up to the application protocol. However, DEFENSICS 3.0 is able to cover a variety of new types of interfaces and usage scenarios, due to advances in testing technology. The Frost & Sullivan Award for Product of the Year is presented each year to the company that has demonstrated excellence in new product development and launch within its industry. The recipient company has shown innovation by launching a broad line of emerging products and technologies. For more information on the Frost & Sullivan Security Test Product of the Year 2008 award, see: http://www.codenomicon.com/resources/whitepapers/2008-product-of-the-year.shtml PREEMPTIVE SECURITY AND ROBUSTNESS TEST SOLUTIONS http://www.codenomicon.com/resources/whitepapers/2008-product-of-the-year.shtml

Table of Contents Feed for the Digital Edition of Better Software - June 2008

Better Software - June 2008 Contents Mark Your Calendar Contributors Technically Speaking eLightenment Code Craft Test Connection Management Chronicles Agile Model-Driven Development The Myth of Risk Management Stop the Insanity! Product Announcements 10 Things You Might Not Know About … The Last Word Ad Index

Better Software - June 2008

For optimal viewing of this digital publication, please enable JavaScript and then refresh the page. If you would like to try to load the digital publication without using Flash Player detection, please click here.