IT security tool tackles unreported vulnerabilities


IT security tool tackles unreported vulnerabilities

Cliff Saran

Codenomicon has released what it claims is the industry's first security assurance process to focus on unreported vulnerabilities.

"Unknown vulnerabilities are the biggest threat to IT systems, because there are no defences for attacks against them," said Ari Takanen, CTO of Codenomicon. "Finding and fixing unknown vulnerabilities in in-house and third party software should be the number one security priority."

The core technology behind Codenomicon's UVM model is Fuzzing, a technique used by hackers to find unknown vulnerabilities. Unlike other testing tools, Fuzzers, which are built into Codenomicon's "Defensics Attack Simulation Engine", modifies inputs to trigger vulnerabilities. Codenomicon claims the technique allows it to discover both known and unknown vulnerabilities.

Automated vulnerability testing tools 
  Codenomicon's unknown vulnerability management process consists of four phases: Analyse, Test, Report and Mitigate. The whole process is covered by automated testing tools.

In the first phase, the Codenomicon Network Analyzer is used to build a picture of the entire network. Once all the open interfaces are identified, they can then be tested for vulnerabilities with Codenomicon's automated Defensics test tools. All the expertise needed to carry out the tests is built into the tools.

The Defensics tools also contain automated features for generating different levels of reports, reproducing vulnerabilities, performing regression testing and verifying patches. Finding, reporting and mitigating unknown vulnerabilities has never been easier, Codenomicon said.

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy