Cloud-based fuzzing for zero-day vulnerability discovery
Posted on 25 January 2012.
Codenomicon released the Fuzz-o-Matic cloud-based software security Testing-as-a-Service (TaaS) platform for enterprise software and applications running on Windows, Linux, Mac, and mobile operating systems.


Fuzz-o-Matic provides users actual, repeatable test cases for software bugs that cause product crashes and security breaches. Codenomicon's security testing platform finds previously-unknown vulnerabilities before hackers do, without false positives or false alarms.

For users who already tested software with Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), vulnerability scanning, or hybrid analysis, Fuzz-o-Matic is the next progression in testing to find the bugs the other testing solutions missed. For users who have not tested software at all yet, but the user's code is executable, Fuzz-o-Matic provides users longer lead-times to remedy bugs before software release.

According to Ira Winkler, security expert and Codenomicon's Chief Security Strategist, "It is irresponsible to seriously consider investing in or acquiring a software product without testing for software reliability and security. While people think of software fuzzing as a security measure, fuzzing is really testing for all types of software bugs, of which security vulnerabilities are just one type of bug."

Fuzzing is perhaps the most effective measure of identifying any software reliability issues. To that end, investors and M&A professionals need to ensure they use a reliable fuzzing tool that is proven, robust and versatile. Only a testing-as-a-service platform with this level of support can produce repeatable and robust results that can produce a reasonable level of diligence, beyond the straight financials," he added.

Fuzz-o-Matic is a convenient and cost-effective approach to application fuzzing for those who do not have in-house security testers or have a limited budget for penetration testing. Application fuzzing uses unexpected inputs to stress-test software far beyond normal operating conditions.

Most software testing simulates normal operating conditions to determine if software does what it is designed to do. Black-hat hackers use application fuzzing to find exploitable security bugs in unused or rarely-used software functionality.

Microsoft Software Development Lifecycle (SDLC), Cisco SDLC, and Building Security in Maturity Model (BSIMM) recognize the key role of fuzzing in the creation of secure and rugged software. Fuzz-o-Matic uses a range of fuzzers to provide the most comprehensive cloud-based stress-testing and vulnerability detection platform on the Market today.





Spotlight

Operation Pawn Storm: Varied targets and attack vectors, next-level spear-phishing tactics

Posted on 23 October 2014.  |  Targets of the spear phishing emails included staff at the Ministry of Defense in France, in the Vatican Embassy in Iraq, military officials from a number of countries, and more.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Oct 24th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //