defensics for penetration testers - Codenomicon

FOR PENETRATION TESTING
Why use DEFENSICS in Penetration testing?
DEFENSICS is especially designed for penetration testers.
It contains general purpose XML and Traffic capture fuzzers,
enabling you to test both protocol and application level
implementations, and model-based fuzzers for other frequently
used protocols like HTTP, SSL/TLS and FTP, providing you with
all the tools you need to perform more thorough penetration
testing quickly and easily.
» AUTOMATED PENETRATION TESTING:
Codenomicon DEFENSICS tools are fully automated software based
solutions that are easy to integrate to your own security auditing
processes. The resulting tests are faster and more comprehensive.
» BUILT- IN INTELLIGENCE:
Penetration testing requires substantial knowledge of protocols
and systems from the testers, whereas in Fuzzing the expertise can
be built into the tools. Relatively inexperienced testers can perform
the fuzz tests, making it easier to build up the penetration test
team. Codenomicon’s model-based fuzzers:
• COVER the entire protocol, and document every tested feature
and resulted test case.
• TARGET protocol areas most susceptible to vulnerabilities to
shorten test run times.
• IDENTIFY vulnerabilities in deeper protocol layers.
• GENUINELY INTEROPERATE with systems under test (SUT).
• DO NOT REQUIRE TEST TOOL CREATION OR
MAINTENANCE EFFORT
» TEST ANY PROTOCOL:
The Codenomicon Traffic Capture Fuzzer can be used to test all IPbased
traffic. The tests are generated from captured messages, thus
no protocol specifications are needed to create the tests. It is the
only tool available for testing proprietary protocols and protocol
extensions. It can also be used to test systems in the very early
stages of development.
» TEST ANY LAYER:
Tests should cover all layers of protocols in all infrastructure
components, including browsers, load balancers, firewalls and
application servers. DEFENSICS has ready-made off-the-shelf
test suites for testing all communication layers, from IPv4 and IPv6
to application protocols like HTTP and SIP. Both client and server
implementations can be tested.
» TEST XML APPLICATIONS THOROUGHLY:
XML is widely used, but its complexity not only makes it prone
vulnerabilities, but also hard to test. Codenomicon’s intelligent
stateful fuzzers can genuinely interact with the tested system
and test each layer individually, thus they achieve unparalleled
efficiency in finding vulnerabilities.
» FAST TEST RUNS:
The Codenomicon Penetration Test Suite package enables you to
test faster and more effectively by:
• EXECUTING MULTIPLE TESTS simultaneously
• TARGETING TESTS using MODEL-BASED FUZZERS
and the NETWORK ANALYZER
Example Penetration Test Process:
MAP THE ATTACK SURFACE
Using the Codenomicon Network Analyzer to
map real network traffic and to determine what
needs to be tested. Test external communications,
and client-side threats in the system.
PERFORM SYSTEMATIC TESTING
DEFENSICS supports 150+ industry standard
protocols with ready-made model-based fuzzers.
The general purpose Traffic Capture Fuzzer and
XML Fuzzer will enable you to test any protocol
and XML-application.
REPRODUCE AND REPORT
All vulnerabilities found using DEFENSICS
can be easily reproduced, and the tools will
automatically generate both technical and
management documentation for all tests
and the entire test plan.
CODENOMICON Ltd. | info@codenomicon.com | www.codenomicon.com