ProtoCrawler™ is an intelligent fuzz testing solution, used to identify security weaknesses & implementation bugs.
Our customers use ProtoCrawler™ as part of a continuous assurance process, to support the development of robust and resilient products.
Not sure if fuzz testing is for you?
What our customers say...
"ProtoCrawler is proving extremely useful. We've identified several issues that hadn't been picked up in previous firmware versions"
"The tool is extremely powerful and the reports are very comprehensive too"
"This is very much in line with our needs for products and systems testing"
"It's reassuring that the product can support multi-layered protocols"
"We're using the software to speed up our development process and reduce risk"
Why should I use ProtoCrawler™?
- Next generation fuzzing
- Intelligent test generation
- Detailed protocol understanding
- Automated analysis
- Evidence gathering for debugging
- Traceability of coverage
- Multi-platform
- Can also be used for functional testing
- Aligns with certification requirements
- Modular application and licensing model
Overview of ProtoCrawler™
Generation
Define your target interface and testing scope to match the time you have available.
- Save manual effort and time by automatically generating test configurations
- Tailor the level/structure of malformations to suit your test target
- Maximise code coverage using pre-configured test generators
- Re-use optimised testing configurations to support regression testing
Execution
Automatically produce test data, execute the tests, and collect detailed evidence.
- Instantly execute thousands of pre-configured tests
- Monitor testing progress in real-time using an intuitive GUI
- Pause, modify and edit testing configurations mid-test
- Seamlessly integrate into a test management system/workflow
Analysis
Automatically analyse your test results to see where you need to focus efforts.
- Pre-configured scoring matrix developed from years of testing experience
- Prioritise follow up investigations to focus on higher risk areas
- Customise scoring matrix and/or set pass/fail criteria
- All the tools to construct your own analysis approach/structure
Reporting
Extract reports to guide further testing activities or drive product fixes.
- Standard reports provide actionable insights
- Customise (and/or brand) your own reports
- Share key findings with internal risk owners or decision makers
- Demonstrate continuous improvement by comparing reports over time
Things you might uncover using ProtoCrawler
- Noncompliances against specifications
- Messages found to cause a device to reset, allowing DoS attacks
- Invalid messages not rejected by a device, leading to indeterminate action on the state
- Return of additional data from a device in response to malformed inputs, exposing old stack content
- Overriding field values with 'assumed values'
- Missing authentication data ignored
- Invalid authentication methods and data accepted
- Erroneous reporting and logging of error events
- Changes to data accepted where only reading of the data should be permitted
- Unexpected behaviours, alerting attackers to further potential vulnerabilities