Mozilla has teamed up with BlackBerry
to develop a tool which will allow researchers to better spot security
vulnerabilities in web browsers.
The companies said that the tool would
provide an open framework which security researchers could use to
perform “fuzzing” techniques. Such practices are often used to seek out
the memory errors which attackers could target to trigger attacks such
as denial of service and remote code execution incidents.
By combining their efforts, the
open-source browser firm and the mobile specialist hope to create a new
set of open source security research tools which can be implemented to
root out and report possible flaws in web browsers.
“BlackBerry has long relied on
large-scale automated testing to identify security issues across its
platform. The collaboration with Mozilla plugs directly into
BlackBerry’s existing security processes and infrastructure,” wrote Michael Coates, Mozilla director of security assurance.
“BlackBerry regularly uses third-party
fuzzers, in addition to its own proprietary fuzzing tools, static
analysis and vulnerability research, in order to identify and address
potential security concerns across its portfolio of products and
services.”
Coates said that Mozilla would also be
releasing an additional security testing tool known as Minion. The tool
will look to streamline and reduce the time needed to test applications
but automating and reducing the reporting process and limiting the
amount of data which is returned to researchers. The company hopes that
the tool will make the security research process more efficient.
“The Minion testing platform takes a
different approach to automated web security testing by focusing on
correct and actionable results that don’t require a security
professional to validate,” explained Coates.
“Many security tools generate excessive
amounts of data, including incorrectly identified issues that require
many hours of specialized research by a security professional.”
No comments:
Post a Comment