Codenomicon Releases the First Security Testing Product for XML.Hacker Halted Booth #308, Miami Hilton Downtown, September 20-25, 2009 OULU, Finland & CUPERTINO, Calif. -- Codenomicon Ltd, a leading vendor of software security testing Security Testing: (The) Process to determine that an IS (Information System) protects data and maintains functionality as intended. The six basic security concepts that need to be covered by security testing are: confidentiality, integrity, authentication, authorisation, solutions, released a new product today for XML XML in full Extensible Markup Language. Markup language developed to be a simplified and more structural version of SGML. It incorporates features of HTML (e.g., hypertext linking), but is designed to overcome some of HTML's limitations. security testing. DEFENSICS for XML is the first commercial product which helps software developers and integrators to find zero-day security problems in XML libraries and applications. Technologies such as .NET, SOAP, VoIP, Web Services (1) Loosely, any online service delivered over the Web. Such usage appears in articles from non-technical sources, but not in IT-oriented publications, because definition #2 below describes the correct use of the term. , industrial automation (SCADA (Supervisory Control And Data Acquisition) A process control application that collects data from sensors and machines on the shop floor or in remote locations and sends them to a central computer for management and control. ) and even banking infrastructure increasingly utilize XML. The new test system provides an added capability for testing common XML-based protocols and file formats more efficiently and intelligently. Ari Takanen, CTO (Chief Technical Officer) The executive responsible for the technical direction of an organization. See CIO and salary survey. of Codenomicon will be speaking on XML vulnerabilities and highlighting case studies in his talk "Next Generation Fuzzing See fuzz testing. - The Fun of Destructive Software Testing" on September 23, 2009 at 10am during the Hacker Halted Conference at the Miami Hilton Downtown. "With the increasing usage of web applications and social networking sites, the importance of testing them for possible security loop holes and robustness has increased greatly in recent years. Codenomicon's DEFENSICS helps developers find security issues in their products, before they are exploited. As Codenomicon continues to extend its solution across several platforms and technologies such as LTE (Long Term Evolution) See 3GPP. , they are expected to capture additional market shares, in the early stages of the technology lifecycle," said Srihari Padmanabhan, Research Analyst, Frost & Sullivan. The new advancements in XML fuzzing have led to the discovery of vulnerabilities and defects in important applications that are deployed in business-critical environments. Earlier this year, Codenomicon discovered a multitude of vulnerabilities in both open source and commercial XML implementations. The first set of problems published by CERT-FI consisted of vulnerabilities in open source libraries responsible for parsing See parse. parsing - parser XML data. The company has provided testing services to selected responsible and proactive commercial players who depend on XML and its reliability. Now, with the availability of DEFENSICS for XML, any company can test their own implementations for similar problems. "The launch of DEFENSICS for XML has been very an integral component on our roadmap since January 2009, when we noticed the impact of XML vulnerabilities," said David Chartier, CEO (1) (Chief Executive Officer) The highest individual in command of an organization. Typically the president of the company, the CEO reports to the Chairman of the Board. of Codenomicon. "Repairing the most critical open source libraries was the first step in releasing a commercial product of this impact in a responsible manner." Codenomicon DEFENSICS product-line uses a methodology called fuzzing for the proactive elimination of critical security flaws before public exposure. The intelligent fuzzing technique utilized by DEFENSICS takes XML message structures and alters them in ways beyond imagination. XML communications can easily be corrupted by using a multitude of techniques, for example; breaking the encodings, repeating tags and elements or dropping them, adding recursive See recursion. recursive - recursion structures and special characters or causing overflows. The result can be a Denial of Service A condition in which a system can no longer respond to normal requests. See denial of service attack. (DoS) situation, data corruption or, in a severe case, hostile code can be executed on a vulnerable host. About Codenomicon Ltd Codenomicon develops security and quality testing software which allows users to quickly find and identify both known and previously unknown flaws before business-critical products or services are deployed. Their unique, targeted approach to the fuzz testing of networked and mobile applications exposes more flaws and weaknesses than any other testing platform or methodology. Companies rely on Codenomicon's solutions to avoid threats like Denial of Service (DoS) situations and Zero Day Attacks, which increase liability, damage business reputation and cripple sales. For more information, visit www.codenomicon.com. About DEFENSICS for XML Codenomicon DEFENSICS product line is the market leader in proactive fuzzing technologies. DEFENSICS for XML testing solution extends the capabilities of the DEFENSICS product line for testing XML data structures as well as any XML-related protocols and services. For more information, visit www.codenomicon.com/defensics/xml/. |
|
||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion