Flinder advantages

Flinder was designed and developed to be a robust and flexible test framework that can be applied in the widest possible environments, providing cost-effective services and requiring the least possible investment from our customers. This way SEARCH-LAB can deliver the most appropriate solution according to any special needs, resulting in the best possible cost-efficiency ratio and highest end-user satisfaction.

Advantages of Flinder and SEARCH-LAB in general

Flinder and SEARCH-LAB possess numerous advantages, which can make the offered solutions attractive for our customers:

Special up-to-date security expertise

Security testing is a special area of software testing, where normal testing or IT background is not sufficient on its own. Moreover one has to continuously follow the ever-advancing hacking technologies and update not only his own knowledge, but the tools as well. SEARCH-LAB test engineers are specialized in the field of security testing especially focusing on the mobile field, and have besides the academic knowledge advanced security background with up-to-date knowledge on security vulnerabilities, exploitation possibilities, encryption techniques and related cipher attacks.

Continuous development

A dedicated development team continuously develops Flinder, following up actual security trends, analyzing new hacking techniques, and updating test algorithms accordingly. Customers receive always the most up-to-date test vectors.

Test environment

A secure testing laboratory is set up at SEARCH-LAB premises, so customers do not have to establish an expensive testing environment. The testing laboratory meets state-of-the-art security requirements and is equipped with the necessary hardware and software tools to execute vast number of test cases in parallel in a time-efficient manner.

Short lead-time

Testing project length depends naturally on the quantity and complexity of the evaluated file formats and protocols. In general a complete project (from test vector generation through test execution till delivery of regression testing tool) requires approx. 4-6 weeks.

Flexibility

We provide flexible solutions from both technical and commercial points of view. Test vectors are not packaged, different file formats and protocols are offered independently, and there are no restrictions in file formats indeed. Customers can choose to buy those vectors that they require, they can choose to execute tests internally or assign SEARCH-LAB to develop an actuator (which executes and evaluates the outcomes of the tests) and run the tests, or as an option, we can provide customers with a Flinder Test Re-run Tool for regression testing.

No special hardware need

Flinder runs under MS Windows, so test vectors are generated in PC environment and only the dispatching of test vectors and the test result evaluation steps are done on the target platform, which can be a production server or even an embedded system, like a mobile handset.

Advantages of Flinder compared to static source code analysis

Flinder is complimentary to today's widely-used static source code analysis tools and provides additional benefits:

True positives

Flinder reports only true positives. When Flinder indicates a problem, it is sure that the given defect is relevant. Due to the way of operation, Flinder will only report cases, where a security issue has truly been identified. So there is no need to spend remarkable resources to manually double-check the high number of false positives, like in the case of static source code analysis.

Superior bug detection

Flinder can detect a larger set of bugs compared to source code analyzers, because of the following aspects:

Complexity

Due to complexity issues, static source code analysis cannot discover certain classes of bugs. Because Flinder does not need to resolve or understand the internal operation of the application, it can focus on the actual operation of the Target of Evaluation (ToE), and by trying out test vectors triggering the typical security-relevant programming bugs, it can detect even complex bugs efficiently.

File format and protocol focus

Flinder can be customized to look for typical bugs related to a given file format or protocol, which has already been made public. No need to analyze the whole application.

Compound functional bugs

Flinder can look for compound input validation bugs, such as cryptographic errors, logical flaws and encoding bugs, which cannot or very hard to be discovered by usual static source code analysis technologies.

Advantages of Flinder compared to competing testing tools

Besides the advantages explained above Flinder has a number of important specific advantages compared to the competing solutions:

Custom file formats and protocols

Usually our competitors only support generic file formats, while SEARCH-LAB also offers to develop test suites for proprietary file formats and protocols at competitive prices. The flexibility of Flinder and SEARCH-LAB enable rapid responses to customers' demands.

Reduced resource needs from the customer

SEARCH-LAB takes over resource-intensive and costly tasks from the customer. Our flexible service portfolio already includes test execution involving customizing the test environment for the actual Target of Evaluation (i.e. test case dispatching and test case assessment).

White-box testing

Flinder is capable of carrying out source code based, so-called white-box testing for security-critical implementations. The highly-customizable architecture of Flinder enables test injections directly to API, module or even function levels, which makes modular security and robustness testing possible in a fine-grained level, that no other competing solution offers.