Radamsa finds over a hundred browser vulnerabilities
The University of Oulu designed the structure of the tool and created the testing events. The tool brings together the best properties of previously developed automated data security testing tools.
The Radamsa software has been developed in the course of a four-year Cloud Software programme. Business partners in the project have included Ericsson, Nokia, F-Secure, Google, the Mozilla Foundation and WebKit.org. Radamsa is based on open source code.
“One effective way to look for vulnerabilities, that attackers also favour for their attacks, is a search program in practice. A piece of data is sought against each program that causes an error in the functioning of the program. Naturally, the program has to have a defect so that this will work, but in practice all our cases had at least one defect”, states the University of Oulu’s Professor of Embedded Systems Juha Röning.
A mechanical search for errors like this is called fuzzing. It often takes data that the program is known to understand (such as databases and web traffic) as models from which the fuzzer constructs attacks of the same type, and uses them to see whether there are vulnerabilities in the program.
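The sample-based search described above, as an added example that is not Radamsa's code: a small mutation fuzzer takes one valid input as its model, derives malformed variants and records inputs that make the target fail unexpectedly. The record format, the `parse_records` target with its deliberate defect, and the four mutation operators are all constructed for illustration.

```python
import random

# Constructed valid sample: records of 1-byte tag, 1-byte length, payload.
SAMPLE = bytes([0x01, 0x05]) + b"hello" + bytes([0x02, 0x03]) + b"abc"

def parse_records(data):
    """Toy target. Deliberate defect: the length byte is trusted."""
    out, i = [], 0
    while i < len(data):
        if i + 1 >= len(data):
            raise ValueError("truncated header")   # clean rejection
        tag, length = data[i], data[i + 1]
        payload = data[i + 2 : i + 2 + length]
        if length:
            payload[length - 1]  # defect: fails when length exceeds the data left
        out.append((tag, payload))
        i += 2 + length
    return out

def mutate(sample, rng):
    """Apply one to three simple byte-level mutations to the model input."""
    data = bytearray(sample)
    for _ in range(rng.randint(1, 3)):
        if not data:
            break
        pos = rng.randrange(len(data))
        op = rng.choice(("flip", "set", "drop", "repeat"))
        if op == "flip":
            data[pos] ^= 1 << rng.randrange(8)
        elif op == "set":
            data[pos] = rng.choice((0x00, 0x7F, 0x80, 0xFF))
        elif op == "drop":
            del data[pos : pos + rng.randint(1, 4)]
        else:  # repeat: duplicate a short run in place
            data[pos:pos] = data[pos : pos + rng.randint(1, 4)]
    return bytes(data)

def fuzz(target, sample, rounds=2000, seed=1):
    """Return one reproducing input per unexpected exception type."""
    rng, failures = random.Random(seed), {}
    for _ in range(rounds):
        case = mutate(sample, rng)
        try:
            target(case)
        except ValueError:
            continue  # the target rejected bad input as designed
        except Exception as exc:
            failures.setdefault(type(exc).__name__, case)
    return failures

if __name__ == "__main__":
    for name, case in fuzz(parse_records, SAMPLE).items():
        print(name, case.hex())
```

Each saved input reproduces its failure when passed to the target again, so it can go straight into a regression test once the defect is fixed.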
