Codenomicon has released a general-purpose fuzzing tool for testing all communication interfaces. The DEFENSICS Traffic Capture Fuzzer loads threat vectors from sources like network analyzers and vulnerability feeds, and automatically generates extensive tests to find zero-day threats in protocol implementations.
The Traffic Capture Fuzzer reads files in PCAP format, which is supported by all network analyzers and is generally accepted as a standard for storing network flows. The Traffic Capture Fuzzer is a software-based solution and is therefore easy to use at every stage of the software development lifecycle. Programmers can start testing their protocol stacks immediately after the protocol interface is up and running. Penetration testers can go to any test setup and have their fuzz tests running minutes after the initial analysis of the system.
Fuzzing is a versatile and comprehensive security testing technique, which makes it a highly suitable tool for testing the reliability of novel communication devices or business-critical systems and applications. The most effective fuzzing techniques are based on protocol models, but traffic-capture-based solutions complement these approaches. Traffic Capture Fuzzing is essentially black-box testing; that is, no access to the source code is needed for the tests to find new vulnerabilities. In contrast to security scanners and vulnerability scanners, fuzzing can find and eliminate zero-day exposures in any communication software, network equipment or complex network service.