SUBSCRIBE TO TMCnet
TMCnet - World's Largest Communications and Technology Community

CHANNEL BY TOPICS


QUICK LINKS




Codenomicon Unveils Security Testing Product for XML
» More Security Feature Articles

Security Featured Article


September 23, 2009

Codenomicon Unveils Security Testing Product for XML

By Jyothi Shanbhag, TMCnet Contributor


Security and testing software developer Codenomicon Ltd has reportedly unveiled a new product for XML security testing called, DEFENSICS for XML.

 
According to Codenomicon (News - Alert), DEFENSICS for XML addresses different aspects of XML usage such as Standard XML based protocols, file formats, XML-RPC -and SOAP based application communications and security XML parsers.
 
It uses a new methodology called fuzzing for the proactive elimination of critical security flaws and takes XML message structures and alters them. This new solution avoids XML communications corruption which usually happens by using a multitude of techniques, such as breaking the encodings, repeating tags and elements or dropping them, adding recursive structures and special characters or causing overflows. The result can be a Denial of Service (DoS) situation, data corruption or, in a severe case, hostile code can be executed on a vulnerable host.
 
Also, DEFENSICS model-based approach guarantees the intelligence of the tests and provides an added capability for testing common XML-based protocols such as .NET (News - Alert), SOAP, VoIP, Web Services, industrial automation (SCADA) and even the banking infrastructure.
 
"The launch of DEFENSICS for XML has been very an integral component on our roadmap since January 2009, when we noticed the impact of XML vulnerabilities," said David Chartier, CEO of Codenomicon. Chartier said that repairing the most critical open source libraries was the first step in releasing a commercial product of this impact in a responsible manner.
 
Since the tools genuinely interoperate with the system under test (SUT), testers can be assured that the input is actually being processed. This is a basic requirement of meaningful security tests, says the company.
 
According to Srihari Padmanabhan, Research Analyst, Frost & Sullivan (News - Alert), Codenomicon’s DEFENSICS helps developers find security issues in their products, before they are exploited. Padmanabhan adds that Codenomicon continuous extension of solution across several platforms and technologies such as LTE (News - Alert) is expected to capture additional market shares, in the early stages of the technology lifecycle.
 
 
 
 
 

Jyothi Shanbhag is a contributing editor for TMCnet. To read more of Jyothi's articles, please visit her columnist page.

Edited by Stefania Viscusi


» More Security Feature Articles







Technology Marketing Corporation

2 Trap Falls Road Suite 106, Shelton, CT 06484 USA
Ph: +1-203-852-6800, 800-243-6002

General comments: [email protected].
Comments about this site: [email protected].

STAY CURRENT YOUR WAY

© 2024 Technology Marketing Corporation. All rights reserved | Privacy Policy