January 14, 2014

Denim Group Helps Leading Anti-malware Provider Malwarebytes Harden Its Enterprise Product To Deliver Continuous Protection

Denim Group Devises Comprehensive Assessment To Properly Test Malwarebytes Enterprise Edition Web-based and Client-Server Modules To Ensure Its Security

San Antonio, Texas – January 13, 2014 – Denim Group, the leading secure software development company, today announced its role in assisting Malwarebytes to successfully protect its Malwarebytes Enterprise Edition (MEE) from malicious attacks. Malwarebytes products are well known for providing desktop and enterprise protection technologies that consistently protect against malware threats that typically evade standard antivirus protection. In fact, in just four years, Malwarebytes Anti-Malware reached critical mass after being downloaded by over 300 million consumers worldwide, causing the corporate world to demand a Malwarebytes anti-malware solution for the enterprise. Malwarebytes turned to leading secure software development company Denim Group to provide a third-party security assessment of Malwarebytes Enterprise Edition (MEE) to identify potential security weaknesses in the product before hackers did.

Denim Group had earned an industry reputation for not only testing the most complex applications, but for having extensive experience in building systems with critical security, compliance and performance requirements. Malwarebytes had the confidence that Denim Group’s testing team would have the ability to identify critical design and architectural weaknesses as well as coding flaws in MEE prior to it being deployed into environments that would protect up to 50,000 customer endpoints.

However, because MEE is a complex system consisting of several main components that include a web-based application as well as client-server modules, a customized testing approach needed to be created. In the case of MEE, a one-size-fits-all testing approach based solely on automated scanners would not be effective. This was due to the fact that not only did the sophisticated architecture of MEE need to be tested but the potential weaknesses and vulnerabilities related to the interaction of these modules and the behavior of the system as a whole needed to be tested as well.

Denim Group leveraged its deep systems development knowledge to create a customized test plan that allowed for the thorough examination of the different components in the system. The tailored testing procedure consisted of identifying all parts of the system and determining what testing approach or approaches would be most effective for testing each part of the system as well as identifying the correct mix of automated and manual analysis.

“By going beyond the simple use of automated scanning tools, we were able to create a tailored testing plan that could thoroughly assess a complex, modern application such as Malwarebytes MEE,” said Dan Cornell, Denim Group Principal and CTO. “Denim Group’s deep understanding of the application logic helped guide the testing approach, providing Malwarebytes broader test coverage and the confidence that MEE’s security had been thoroughly tested and vetted.”

Initially, the application architecture was outlined to create a threat model for the system as well as an overall assessment plan specific to the unique security requirements of the MEE application. Then, automated static analysis tools were used to examine the application source code to identify common coding flaws such as format string exploits, race conditions, memory leaks and buffer overflows that lead to security vulnerabilities. In addition, various dynamic testing methodologies were applied in an attempt to identify additional classes of vulnerabilities not identified by static testing. Finally, Denim Group consultants performed extensive manual testing to identify vulnerabilities in application logic and authentication of the system not identified by automated testing. This approach leveraged a combination of automated and expert analyst review and testing methodologies to best identify issues across the spectrum of potential weaknesses and vulnerabilities that can be present in such a complicated system. The results of the testing were written up in a report for Malwarebytes executives and presented to Malwarebytes developers with a discussion of the most expedient and effective approaches and recommendations to remediate potential issues.

“As a result of Denim Group’s thorough methodology, issues found during testing were addressed in a timely and thorough manner, making MEE much more resilient prior to product launch,” said Marcin Kleczynski, Malwarebytes CEO. “Their approach also provided us with the confidence and third party perspective we needed to release a security product into the market because as a leader in the Anti-Malware space, hackers find Malwarebytes a particularly attractive target. With Denim Group’s help, Malwarebytes was able to focus on building the features needed to make MEE a solid addition to the layered security approach being employed by today’s organizations to ensure employees, customers and corporate date remains safe and secure.”

Founded in 2008, Malwarebytes is self-funded, headquartered in California, operates offices in Europe and employs a global team of researchers and experts. Malwarebytes’ software protects consumers and businesses against malicious threats worldwide with a highly advanced behavior-based detection engine that has removed over five billion malicious threats from computers worldwide. Read the Malwarebytes case study.

About Denim Group

Denim Group, the leading secure software development firm, builds custom large-scale software development projects across multiple platforms, languages and applications. What makes Denim Group unique is that the company brings significant core competencies in software security to the table, offering an innovative blend of secure application developmentsecurity assessmentsapplication security training and consulting capabilities that protect a company’s biggest asset, its data. Denim Group customers span an international client base of commercial and public sector organizations across the financial services, banking, insurance, healthcare, and defense industries. Its depth of experience building large-scale software development systems in a secure fashion have made the company’s leaders recognized experts in their fields. Denim Group has been recognized as one of the 5,000 Fastest Growing Company’s by Inc. Magazine five years in a row, and has won multiple other awards as well. For more information about Denim Group visit https://www.denimgroup.com.

Reader Contact Information:
Denim Group, 3463 Magic Drive, Suite 315; San Antonio, TX 78229, Tel: 210-572-4400, Fax: 210-572-4401, www.denimgroup.comjohn@denimgroup.com.

Cybersecurity info you can't do without

Want to stay informed on the latest news in cybersecurity? Sign up for our newsletter and learn how to protect your computer from threats.