TMCnet News
Codenomicon Releases the First Security Testing Product for XMLOULU, Finland & CUPERTINO, Calif. --(Business Wire)-- Codenomicon (News - Alert) Ltd, a leading vendor of software security testing solutions, released a new product today for XML security testing. DEFENSICS for XML is the first commercial product which helps software developers and integrators to find zero-day security problems in XML libraries and applications. Technologies such as .NET (News - Alert), SOAP, VoIP, Web Services, industrial automation (SCADA) and even banking infrastructure increasingly utilize XML. The new test system provides an added capability for testing common XML-based protocols and file formats more efficiently and intelligently. Ari Takanen (News - Alert), CTO of Codenomicon will be speaking on XML vulnerabilities and highlighting case studies in his talk "Next Generation Fuzzing - The Fun of Destructive Software Testing" on September 23, 2009 at 10am during the Hacker Halted Conference at the Miami Hilton Downtown. "With the increasing usage of web applications and social networking sites, the importance of testing them for possible security loop holes and robustness has increased greatly in recent years. Codenomicon's DEFENSICS helps developers find security issues in their products, before they are exploited. As Codenomicon continues to extend its solution across several platforms and technologies such as LTE (News - Alert), they are expected to capture additional market shares, in the early stages of the technology lifecycle," said Srihari Padmanabhan, Research Analyst, Frost & Sullivan (News - Alert). The new advancements in XML fuzzing have led to the discovery of vulnerabilities and defects in important applications that are deployed in business-critical environments. Earlier this year, Codenomicon discovered a multitude of vulnerabilities in both open source and commercial XML implementations. The first set of problems published by CERT-FI consisted of vulnerabilities in open source libraries responsible for parsing XML data. The company has provided testing services to selected responsible and proactive commercial players who depend on XML and its reliability. Now, with the availability of DEFENSICS for XML, any company can test their own implementations for similar problems. "The launch of DEFENSICS for XML has been very an integral component on our roadmap since January 2009, when we noticed the impact of XML vulnerabilities," said David Chartier, CEO of Codenomicon. "Repairing the most critical open source libraries was the first step in releasing a commercial product of this impact in a responsible manner." Codenomicon DEFENSICS product-line uses a methodology called fuzzing for the proactive elimination of critical security flaws before public exposure. The intelligent fuzzing technique utilized by DEFENSICS takes XML message structures and alters them in ways beyond imagination. XML communications can easily be corrupted by using a multitude of techniques, for example; breaking the encodings, repeating tags and elements or dropping them, adding recursive structures and special characters or causing overflows. The result can be a Denial of Service (DoS) situation, data corruption or, in a severe case, hostile code can be executed on a vulnerable host. About Codenomicon Ltd Codenomicon develops security and quality testing software which allows users to quickly find and identify both known and previously unknown flaws before business-critical products or services are deployed. Their unique, targeted approach to the fuzz testing of networked and mobile applications exposes more flaws and weaknesses than any other testing platform or methodology. Companies rely on Codenomicon's solutions to avoid threats like Denial of Service (DoS) situations and Zero Day Attacks, which increase liability, damage business reputation and cripple sales. For more information, visit www.codenomicon.com. About DEFENSICS for XML Codenomicon DEFENSICS product line is the market leader in proactive fuzzing technologies. DEFENSICS for XML testing solution extends the capabilities of the DEFENSICS product line for testing XML data structures as well as any XML-related protocols and services. For more information, visit www.codenomicon.com/defensics/xml/. |
