The world became a little safer for XML professionals this week. Codenomicon, which deals in security testing solutions, released a first-of-its-kind product along those lines called Defensics for XML.
We’ve noted before that the recession has caused many hackers to step up their game – and a lot of non-hackers to rethink their stance – so security is an issue of ever-increasing importance. Tools of just about every type are welcome in the fight, and according to a formal release, Defensics for XML is a doozy.
Codenomicon calls it “the first commercial product which helps software developers and integrators to find zero-day security problems in XML libraries and applications.” Also, “The new test system provides an added capability for testing common XML-based protocols and file formats more efficiently and intelligently.”
And in case you’re curious about the inner workings, the release explains, “Codenomicon DEFENSICS product-line uses a methodology called fuzzing for the proactive elimination of critical security flaws before public exposure. The intelligent fuzzing technique utilized by DEFENSICS takes XML message structures and alters them in ways beyond imagination. XML communications can easily be corrupted by using a multitude of techniques, for example; breaking the encodings, repeating tags and elements or dropping them, adding recursive structures and special characters or causing overflows.”
Hopefully this’ll help protect you and let you breathe a little easier.
