A security assurance engineer was able to perform due diligence across all network-facing protocols.

My prior organization designed, developed and deployed a Network Attached Storage (NAS) appliance. A key part of the company wide security assurance program for all products, is to perform penetration testing against all network facing IP ports.

For the web, SSL and RESTful APIs, there are very good COTS and open source tools to perform Dynamic Application Security Testing (DAST) testing. Unfortunately for NAS protocols like SMB, NFS, CIFS, and iSCSI, I researched and found that Codenomicon Defensics was the only viable source to satisfy our DAST requirements.

Through the use of Selenium for automated web testing, it was easily found out that Codenomicon Defensics could be integrated into our Continuous Integration / Continuous Deployment (CI / CD) Agile processes, specific to automated testing.

Also, like many of the other application security testing products, Defensics incorporates automatic update support and works on Windows, MacOS and Linux desktops.

In our company, we have a lot of applications. A lot of protocols are used between embedded devices which are never tested for any abnormal behaviors. We have found multiple issues in our embedded system network protocols, related to buffer overflow. We have reduced some of these issues.

It tests for switches and router sections. We use it for product testing. We will get the license and then bring it back to the IT team.