Book a demo

ProtoCrawler

ProtoCrawler™ has a real attitude to finding bugs!

Book a demo ->

ProtoCrawler is an intelligent fuzz testing solution, used to identify security weaknesses and implementation bugs.

Our customers use ProtoCrawler as part of a continuous assurance process, to develop and maintain robust and resilient products.

What is fuzz testing?

Fuzz testing is used to discover unpredictable (or just incorrect!) behaviour in devices or software when they’re sent spurious or malformed data.

Why should I bother with fuzz testing?

  • It triggers anomalies that simply don't get picked up during conventional testing activities.
  • Problems take less time (and cost less) to fix if you find them early. And continuous assurance is always a better strategy!
"ProtoCrawler is proving extremely useful. We've identified several issues that hadn't been picked up in previous firmware versions"
"The tool is extremely powerful and the reports are very comprehensive too"
"This is very much in line with our needs for products and systems testing"
"It's reassuring that the product can support multi-layered protocols"
"We're using the software to speed up our development process and reduce risk"

Why should I use ProtoCrawler?

  • Next generation fuzzing
  • Intelligent test generation
  • Detailed protocol understanding
  • Automated analysis
  • Evidence gathering for debugging
  • Traceability of coverage
  • Multi-platform
  • Can also be used for functional testing
  • Aligns with certification requirements
  • Modular application and licensing model

So, how does it work?

GENERATION

Define your target interface and configure the tests you want to run given the time you have available vs, the depth of coverage required.

EXECUTION

Automatically generate test data, run the tests, and collect all the evidence you need for full traceability.

ANALYSIS

Automatically analyse the test results to focus in on the higher risk areas and any items that may require further investigation.

REPORTING

Extract tailored reports to guide further testing activities or to produce broader insights for risk owners.

Things you might uncover using ProtoCrawler

  • Noncompliances against specifications
  • Messages found to cause a device to reset, allowing DoS attacks
  • Invalid messages not rejected by a device, leading to indeterminate action on the state
  • Return of additional data from a device in response to malformed inputs, exposing old stack content
  • Overriding field values with 'assumed values'
  • Missing authentication data ignored
  • Invalid authentication methods and data accepted
  • Erroneous reporting and logging of error events
  • Changes to data accepted where only reading of the data should be permitted
  • Unexpected behaviours, alerting attackers to further potential vulnerabilities

Interested? Book a demo with our team of specialists

Book now

Find out more about ProtoCrawler

Protocol Models

Leverage an extensive library of common IT and OT protocols to create structured fuzz tests for your products and systems.

 

Find out more ->

Intelligent Test Generation​

Define coverage based on the time you have available and generate a myriad of intelligent, automated tests with just a few clicks.

Find out more ->

Automated Analysis​

Analyse results automatically and get all the information you need to prioritise, diagnose and tackle your security issues.

 

Find out more ->
CyTAL UK LTD

Registered Office:
90 Lincoln Road
Peterborough
PE1 2SP

Company number 12575467
© Copyright 2023 CyTAL UK Ltd

Helpful links
Accreditations