News

IT security tool tackles unreported vulnerabilities

Codenomicon has released what it claims is the industry's first security assurance process to focus on unreported vulnerabilities.

"Unknown vulnerabilities are the biggest threat to IT systems, because there are no defences for attacks against them," said Ari Takanen, CTO of Codenomicon. "Finding and fixing unknown vulnerabilities in in-house and third party software should be the number one security priority."

The core technology behind Codenomicon's UVM model is Fuzzing, a technique used by hackers to find unknown vulnerabilities. Unlike other testing tools, Fuzzers, which are built into Codenomicon's "Defensics Attack Simulation Engine", modifies inputs to trigger vulnerabilities. Codenomicon claims the technique allows it to discover both known and unknown vulnerabilities.

Automated vulnerability testing tools 
  Codenomicon's unknown vulnerability management process consists of four phases: Analyse, Test, Report and Mitigate. The whole process is covered by automated testing tools.

In the first phase, the Codenomicon Network Analyzer is used to build a picture of the entire network. Once all the open interfaces are identified, they can then be tested for vulnerabilities with Codenomicon's automated Defensics test tools. All the expertise needed to carry out the tests is built into the tools.

The Defensics tools also contain automated features for generating different levels of reports, reproducing vulnerabilities, performing regression testing and verifying patches. Finding, reporting and mitigating unknown vulnerabilities has never been easier, Codenomicon said.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy