Mu Dynamics – A Member of the Microsoft SDL Pro NetworkThe Security Development Lifecycle (SDL) is the industry-leading software security assurance process created by Microsoft and has been effective since 2004. The SDL Pro Network is a group of security consultants, training companies, and tool providers that specialize in application security and have substantial experience and expertise with the methodology and technologies of the Security Development Lifecycle (SDL). As part of the SDL Pro Network, Mu Dynamics offers the Mu Test Suite that can be used in the Verification and Release phases of the SDL. Microsoft SDL ProcessThe Mu Test Suite and the Microsoft SDLThe Mu Test Suite provides critical value to all test organizations implementing the SDL. Mu Test Suite helps shorten release cycles, makes issue resolution more efficient, and fundamentally increases test coverage in the following ways: - Custom Fuzz tests for any protocol
Dramatically reduces fuzz test creation time for any protocol, both standard or proprietary, starting from customer packet captures (pcaps) - Mu Studio Zx automatically generates thousands of highly relevant test cases by analyzing the contents of your packets
- Test engineers no longer need to be fuzzing experts as all the domain expertise is built into the auto-generated tests
- Fuzz test suites for standard protocols
The Mu Protocol Fuzzing Module provides standards-based protocol fuzzing with coverage for over 60 protocols. These tests can be run against both servers or gateway devices (such as proxies) with the Mu acting as both the client and the server. - Remediation Toolkit
Dramatically reduces issue resolution time for any problems found by the Mu fuzz tests - In addition to finding issues, the Mu solution helps fix them by providing testers with a self-contained remediation toolkit that can be used by engineers. This toolkit is comprised of assets allowing developers to rapidly replicate and fix the issues. Examples of the remediation assets are packet captures, test documentation and standalone Linux executables that replicate the test traffic. Once a fix has been provided, the tester simply re-runs the failed tests in order to verify the fix.
- Customized security tests
Test teams use Mu Studio Fx to quickly create custom security test cases by modeling both valid and invalid exchanges between clients and servers or peer-to-peer systems. They provide a spreadsheet consisting of input data and expected outcomes for the exchange. Test teams can also create custom, distributed Denial of Service (DoS) attacks with randomized payload fields, making each instance of the DoS attack unique. - Rapid field issue resolution
For any incident found in the field, the Mu solution helps make the response faster and more accurate as test teams can now quickly isolate the offending packets using xtractr and then re-create the flows using Mu Studio. Once a patch is identified, it is verified using the Mu solution before being rolled out to the customer. xtractr is a hybrid cloud application for indexing, searching, reporting, extracting and collaborating on pcaps and available on pcapr, a cloud based crowd sourced packet repository community that allows people to contribute, collaborate and share their knowledge on communication protocols and exchanges. For more information on the Microsoft SDL, please visit www.microsoft.com/sdl For more information on the Mu Dynamics solutions, please visit any of the following links: Mu Studio Zx Protocol Fuzzing Protocol Fuzzing Demo Featured Customers pcapr – is a crowdsourced packet repository community, powered by Mu Dynamics, that allows people to contribute, collaborate and share their knowledge on communication protocols and exchanges. To contact Mu Dynamics for more information, click here.
|
