ProtoCrawler gathers several forms of evidence during a typical test run and produces an extensive set of results for analysis.
There are very few limitations when it comes to evidence gathering – ProtoCrawler can be configured to process all sorts of output, including events, control messages, messages from debug ports and so on.
Eyeballing thousands of fuzz test results would be asking too much – but we’ve got that one figured. ProtoCrawler’s automated analysis capabilities do all the heavy lifting for you and give you some indicators of interest to work with.
What’s an indicator of interest?
Indicators of interest are used to draw your attention to things that might need to be investigated. They include things like unexpected failure codes, incorrect acceptance of invalid messages, invalid responses, missing alerts, failed decryption and failures to respond etc.
ProtoCrawler automatically analyses test results using a library of pre-configured analysis chains. But new indicators of interest can be user-defined if you need something a little more specific.
If you do find a bug, it’s sensible to run a regression test after you’ve fixed it. ProtoCrawler makes it easy to use precisely the same set of tests as you did before, so that you can compare results.
How do I prioritise ProtoCrawler findings?
ProtoCrawler will automatically score your test results, enabling you to decide what you need to look at, and in what order. You can also set pass/fail criteria for different types of analysis, which can be helpful if you’re assessing compliance.
ProtoCrawler’s analysis and reporting features then allow you to drill down into any test result to establish and share the root cause of any unexpected behaviour, quickly and effectively.
Pre-configured analysis reports are designed to cater for most assessment needs, or we can create new ones for you.
Interested? Book a demo with our team of specialists
Find out more about ProtoCrawler
Product Overview
Deploy our advanced fuzz testing software to discover and tackle security vulnerabilities that you might have overlooked.
Intelligent Test Generation
Define coverage based on the time you have available and generate a myriad of intelligent, automated tests with just a few clicks.
Protocol Models
Leverage an extensive library of common IT and OT protocols as a means to create structured fuzz tests for your products and systems.
