Peach Is A Better Alternative to Synopsys’ Defensics

05/02/2016

Technology firms want to provide secure products and services to their customers. In order to do so, they need to find possible security issues early during the development lifecycle and in an automated manner. Increasingly, technology companies like HP, Mitsubishi, VM Ware, and Axway are turning to both robustness and fuzz testing.

Over the past decade, I have observed five components necessary for successful security testing solutions:

  1. Preempting zero-days: Can it help you find previously unknown vulnerabilities in your product that might otherwise lead to zero-day attacks?
  2. Integration: Can you use it seamlessly within your current product development lifecycle?
  3. Cost-effectiveness: Is it reasonably priced for your current needs? Will it scale to meet your future needs while still being affordable?
  4. Flexibility: Can you use it across your range of products in multiple use cases? Can you extend it to protect your proprietary assets and intellectual property?
  5. Automatable: Can it be used to automate quality assurance or compliance testing? Does it minimize human cycles while maximizing machine cycles?

Current solutions like Synopsys’ (formerly Codenomicon) Defensics leave a lot to be desired when it comes to these requirements. Conversely, our customers find Peach Fuzzer to be ideal for their needs. They have shared with me the features they love and the reasons why. I’ve summarized this feedback below and in the following datasheet.

Peach Fuzzer is a platform, not a tool. Its extensible design and architecture allow it to be seamlessly used for fuzzing file formats, network protocols, web APIs, kernels, and devices. Many customers also extend it to cover proprietary protocols for which no other solutions are available. This eliminates the pain of maintaining separate tools for each protocol or file format. Peach gives the customer one powerful common fuzzing platform for developers, quality assurance testers, and compliance testers; one that scales for every use case.

Peach Fuzzer generates unlimited test cases. It contains a fuzzing engine with over 60 mutation algorithms that are capable of generating millions of intelligent test cases for each target. Peach allows the customer to continuously discover new, previously unknown vulnerabilities and prevent zero-day attacks.

Peach Fuzzer is built for integration with the Product Development Lifecycle. It has built-in monitors that enable automation and integration with solutions like Jira. Peach enables customers to fuzz continuously, maximizing test coverage.

Peach Fuzzer is very easy to use. We have implemented over 90 pit definitions covering more than 50 protocols or file formats. It contains 60 mutators, a comprehensive and intuitive GUI interface, one-click report generation, and pre-configured testing setups, all of which minimize the need for security experts. Since Peach requires no security expertise to use, developers and quality assurance testers can start fuzzing immediately.

Peach Fuzzer is very cost effective and has high ROI compared to other solutions. Its flexible licensing, automation, and robust use cases are catered towards economical scalability. Peach provides extraordinary value for a fraction of the cost of existing solutions.

If you are using or considering Synopsis’ Defensics, can you afford not to check out Peach Fuzzer? You will likely find Peach to be better suited for your wallet and your needs.

Authored by Akshay Aggarwal, CEO
Top