Fuzzing security testing - Protocrawler
With our fuzzing security testing software, Protocrawler, you can cost-effectively check for components that behave unpredictably or incorrectly due to cyber attacks
Fuzzing security testing - Protocrawler™
Fuzzing security testing - ProtocrawlerTM is a relatively new technique that DNV GL uses to check for components that behave unpredictably or incorrectly when sent unexpected data. When used to attack IT or OT components and systems, the unexpected data is typically intended to cause failures that can then be exploited, perhaps in combination with other known vulnerabilities, to break into the system.
Random, malformed or invalid data is presented to the component or system’s communications interfaces based on a complex set of heuristics. The data is injected to cause faults and system crashes, or to force the component or system into an unexpected, unstable state. This behaviour presents an opportunity for potential attackers to gain access or control.
Identify component and system defects with fuzz testing software
The technique relies on fuzz testing software tools to systematically generate and analyse the outcome of massive numbers of test cases. Fuzzing security testing would be impossibly complex and prohibitively costly to perform manually. Our bespoke fuzzing software tool, ProtoCrawlerTM, is used at the heart of our formal assessment schemes, and has helped us discover thousands of component and system defects that would not have been exposed using traditional testing.
While fuzzing security testing is an inherently intensive process, our fuzzing service is incredibly versatile and can be tailored for any asset, budget or environment. Furthermore, fuzz testing can be applied at any stage of development or deployment, and is agnostic to software and hardware development methodologies.
DNV GL’s fuzz testing tools enable new approach
Combined with our deep understanding of the IT and OT market in the energy, oil and gas, maritime and renewables industry, our approach to cyber security vulnerability analysis and fuzzing security testing will provide you with increased confidence that your components are compliant with best practise and hardened against known and zero-day exploits.