Fuzz Test Analysis Identifies ICS Software Vulnerabilities

Aug. 11, 2017
Synopsys fuzzing report identifies IoT and industrial control systems software as most vulnerable to exploits.

Synopsys, Inc. releases its fuzzing report, which provides deep analysis on potential zero-day exploits in the open source protocols and common file formats used across six key industries, including automotive, financial services, government, healthcare, industrial control systems and Internet of Things (IoT). The results reportedly stem from more than 4.8 billion fuzz tests conducted by Synopsys' customers in 2016 using the Defensics Fuzz Testing solution.

"Fuzz testing is a powerful component of the Synopsys Software Integrity Platform to uncover zero-day vulnerabilities and help organizations protect their software," says Andreas Kuehlmann, senior vice president and general manager for the Synopsys Software Integrity Group. "By analyzing such a large data set from our customers, the Synopsys fuzzing report provides visibility into unknown, hard-to-find vulnerabilities and highlights where security teams should look to improve the quality and security of their software."

The overall average time to first failure (TTFF), the first instance when a protocol crash is recorded, was 1.4 hours, according to Synopsys. For more mature protocols, TTFF is measured in hours. For less mature protocols, it can be as short as a few seconds, indicating a higher likelihood of exploitable vulnerabilities. The least mature protocol tested in 2016 was IEC-61850 MMS (ICS), a niche protocol used in IoT and industrial control systems. The average TTFF for IEC-61850 MMS was 6.6 seconds. The most mature protocol tested in 2016 was TLS client (Core IP), which is commonly used for secure web browsing, including online banking and e-commerce. The average TTFF for TLS client was nine hours.

According to a recent Forrester Research report: "Security pros have applied fuzz testing and application hardening tools on web applications for many years. However, these tools are finding new footholds in the IoT market, where applications are hard to crawl with traditional prerelease testing tools like DAST and face the same tampering threats as mobile applications. As IoT applications become more prevalent, expect fuzz testing and application hardening tools to have a rebirth."

For more information, visit: www.synopsys.com
