Mozilla has teamed up with BlackBerry
to develop Peach, an application that will allow researchers to better
spot security vulnerabilities in web browsers.
The open-source browser firm and the
mobile specialist said that the tool would provide an open framework
that security researchers could use to perform “fuzzing” techniques.
Such practices are often used to seek out the memory errors which
attackers could target to trigger attacks such as denial of service and
remote code execution.
“BlackBerry has long relied on
large-scale automated testing to identify security issues across its
platform. The collaboration with Mozilla plugs directly into
BlackBerry’s existing security processes and infrastructure,” wrote Michael Coates, Mozilla's director of security assurance.
“BlackBerry regularly uses third-party
fuzzers, in addition to its own proprietary fuzzing tools, static
analysis and vulnerability research, in order to identify and address
potential security concerns across its portfolio of products and
services.”
Coates said that Mozilla would also be
releasing an additional security testing tool known as Minion. The tool
will look to streamline and reduce the time needed to test applications
by automating and reducing the reporting process and limiting the amount
of data that is returned to researchers. The company hopes that the
tool will make the security research process more efficient.
“The Minion testing platform takes a
different approach to automated web security testing by focusing on
correct and actionable results that don’t require a security
professional to validate,” explained Coates.
“Many security tools generate excessive
amounts of data, including incorrectly identified issues that require
many hours of specialised research by a security professional.”
No comments:
Post a Comment