Codenomicon has announced the release of its Unknown Vulnerability Management (UVM) Lifecycle model. The UVM Lifecycle is claimed to be the first security assurance process that focuses on unreported vulnerabilities. The UVM model is intended to help companies and organisations find and fix unknown vulnerabilities before anyone has a chance to exploit them, rather than waiting for a public disclosure or an incident. The Codenomicon UVM solutions can be used not only to secure networks, devices and applications, but also the software that protects them, such as firewalls and VPN gateways.
The UVM model’s core technology is fuzzing, a technique also used by attackers to find unknown vulnerabilities. Unlike vulnerability scanners, which check for specific known flaws, fuzzers feed the target malformed or unexpected inputs and watch for crashes, hangs and other anomalous behaviour, so they can surface both known and previously unknown vulnerabilities. The company’s Defensics Attack Simulation Engine is claimed to be the only state-aware fuzzing platform: it follows the target’s protocol state machine, so it can drive the system under test into the deeper states where malformed input is actually parsed and concentrate on the areas most prone to vulnerabilities, while maintaining broad coverage through automatic test generation.
The UVM process consists of four phases: analyse, test, report and mitigate, and each phase is supported by automated testing tools. In the analyse phase, the network analyser builds a comprehensive picture of the entire network with automatically created visualisations. Once all the open interfaces have been identified, they are tested for vulnerabilities with the automated Defensics test tools, which also include features for generating reports at different levels of detail, reproducing discovered vulnerabilities, performing regression testing and verifying that patches actually remove the fault.
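As an added illustration of the state-aware fuzzing described above and of the reproduce, regression-test and verify-patch steps of the process, here is a small mutational fuzzer in Python. It is example code written for this page, not Codenomicon's Defensics or any Codenomicon code. The target (`ToyServer`), its three-message protocol, the planted length-handling bug, the patched variant (`PatchedServer`) and the seed messages are all constructed assumptions for the example; a stateless run that sends mutated messages to a fresh session never reaches the faulty code path, while the state-aware run that first walks the target through HELLO and AUTH does.

```python
import random
import struct


class ToyServer:
    """Constructed system under test: a tiny stateful protocol handler.

    Message = 1-byte type, 2-byte big-endian length, payload.
      0x01 HELLO  accepted only in state NEW
      0x02 AUTH   accepted only after HELLO; payload must be b"secret"
      0x03 DATA   accepted only after AUTH; payload[0] declares how many
                  following bytes to copy into a fixed 32-byte buffer
    Planted defect: DATA trusts the declared length, so a value above 32
    walks off the end of the buffer (IndexError here, memory corruption in C).
    """
    BUF_SIZE = 32

    def __init__(self):
        self.state = "NEW"
        self.buf = bytearray(self.BUF_SIZE)

    def copy_data(self, payload):
        declared = payload[0]
        for i in range(declared):          # no check against BUF_SIZE
            self.buf[i] = payload[1 + i] if 1 + i < len(payload) else 0
        return True

    def handle(self, msg):
        if len(msg) < 3:
            return "ERR short"
        mtype = msg[0]
        length = struct.unpack(">H", msg[1:3])[0]
        payload = msg[3:3 + length]
        if len(payload) != length:
            return "ERR length"
        if mtype == 1 and self.state == "NEW":
            self.state = "HELLO"
            return "OK hello"
        if mtype == 2 and self.state == "HELLO":
            self.state = "AUTH" if payload == b"secret" else "NEW"
            return "OK auth" if self.state == "AUTH" else "ERR auth"
        if mtype == 3 and self.state == "AUTH" and payload:
            return "OK data" if self.copy_data(payload) else "ERR data"
        return "ERR state"


class PatchedServer(ToyServer):
    """Same handler with the bounds check a fix would add (assumed fix)."""
    def copy_data(self, payload):
        if payload[0] > self.BUF_SIZE:
            return False                   # reject instead of overrunning
        return super().copy_data(payload)


def encode(mtype, payload):
    return bytes([mtype]) + struct.pack(">H", len(payload)) + payload


# Constructed valid conversation prefix that drives the target into the AUTH
# state, plus a well-formed DATA seed message for mutation.
VALID_PREFIX = [encode(1, b""), encode(2, b"secret")]
SEED_DATA = encode(3, bytes([4]) + b"abcd")


def mutate(rng, data):
    """Mutational fuzzing: a few random byte flips, boundary values or appends."""
    data = bytearray(data)
    for _ in range(rng.randint(1, 4)):
        op = rng.randrange(3)
        if op == 0:
            data[rng.randrange(len(data))] = rng.randrange(256)
        elif op == 1:
            data[rng.randrange(len(data))] = rng.choice([0, 1, 0x7F, 0x80, 0xFF])
        else:
            data += bytes(rng.randrange(256) for _ in range(rng.randint(1, 8)))
    return bytes(data)


def run_case(server_cls, messages):
    """Replay one test case against a fresh target; return the crash type or None.

    Used for the initial finding, for reproducing it, and for regression
    testing / patch verification against a fixed build.
    """
    srv = server_cls()
    for m in messages:
        try:
            srv.handle(m)
        except Exception as exc:           # any unhandled exception counts as a finding
            return type(exc).__name__
    return None


def fuzz(state_aware, server_cls=ToyServer, iterations=2000, seed=7):
    """Return (iteration, crash_type, messages) for the first crash, or None."""
    rng = random.Random(seed)
    for i in range(iterations):
        data = mutate(rng, SEED_DATA)
        # A state-aware fuzzer first walks the target to the state in which
        # the mutated message is actually parsed; a stateless one sends it cold.
        case = VALID_PREFIX + [data] if state_aware else [data]
        crash = run_case(server_cls, case)
        if crash:
            return i, crash, case
    return None


if __name__ == "__main__":
    print("stateless  :", fuzz(state_aware=False))
    found = fuzz(state_aware=True)
    print("state-aware:", (found[0], found[1]))
    print("reproduces :", run_case(ToyServer, found[2]))      # same case, same crash
    print("after fix  :", run_case(PatchedServer, found[2]))  # patch verified
```

The point of the two `fuzz` runs is the state handling: the same mutations that crash the target after a valid HELLO/AUTH prefix are rejected with "ERR state" when sent to a fresh session, so a fuzzer that does not track protocol state never exercises the vulnerable parser. The saved test case then doubles as a reproducer and, run against `PatchedServer`, as the regression and patch-verification check.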
Resources on unknown vulnerabilities, including three white papers, are available at www.codenomicon.com/unknown/.