Conventional testing methods enable you to detect and remediate known vulnerabilities in your software, but not unknown ones. Also known as zero-day vulnerabilities, unknown vulnerabilities are particularly dangerous because hackers can exploit them for a long time without being detected. To address this problem, Lexington Soft offers the industry-leading black box fuzz testing tool, Defensics from Synopsys, to help you efficiently and effectively discover and remediate security weaknesses in your software.
Fuzz testing is an automated software testing method that injects invalid, malformed, or unexpected inputs into a system to reveal software defects and vulnerabilities. Defensics’ intelligent fuzzing engine has deep knowledge of input types, whether it is an interface, protocol, or file format. It can deliver targeted test cases that exploit that input type’s inherent security weaknesses.
Check out the 250+ prebuilt protocol test suites currently available. You can customize these test suites to fit your needs. Additionally, Defensics provides file and protocol template fuzzers to help you build your own test cases. Expert users can also use the Defensics SDK to develop their own test cases.
Detailed, data-rich reports for remediation
Defensics provides remediation logs that detail the protocol path and message sequences between Defensics and the system under test (SUT) to help you identify the trigger and technical impact of each vulnerability. Each vulnerability is mapped to industry standards such as CWE and injection type. Defensics narrows the vulnerability trigger to a single test case so you can re-create the issue and verify the fix. To facilitate secure, collaborative remediation across the supply chain, Defensics also generates encrypted remediation packages for your software suppliers.
Defensics contains workflows that enable it to fit almost any environment. Its API and data export capabilities allow it to share data for additional reporting and analysis.
Want to know if Synopsys Defensics will meet your fuzz testing needs? Lexington Soft will gladly provide a sales demo and proof of concept, conduct product evaluations and even offer you a free trial!
Lexington Soft also offers the following software testing tools from Synopsys:
- Coverity – SAST tool
- Black Duck – Software Composition Analysis
- Seeker – Interactive Application Security Testing
- Defensics – Fuzz Testing
- Web Scanner – Dynamic Application Security Testing
- Code Dx – AppSec Automation Platform
Invest in software integrity to build trust into your software. Contact us today!