Supports adding, deleting and modifying properties to be validated
Variables in system design can generate models automatically
Validation failures provide a counterexample cycle diagram and are traceable
The only tool on the market that can scan binary files and source code simultaneously. Not only will you be able to continuously monitor the security quality of your code as it is written, but you will also be able to do a final security review of the software after the source code has been compiled into binaries.
Eighty percent of the available SCA source code scanning tools cannot scan code written in C/C++ due to features of the C/C++ language. In terms of binaries, 90% of SCA binary-scanning tools do not support the APK format. For the above special cases, the SmartRocket Scanner is fully supported.
It can not only scan out code vulnerabilities for users, but also provide code repair Suggestions for users, so that users can more closely connect the process from finding problems to solving problems, so as to better improve the efficiency of problem solving.
Through years of scientific research experience and data accumulation, it can provide users with more accurate and comprehensive scanning results. In addition, through long-term tracking of well-known open source components, we also have unpublished and exclusive vulnerability information to help SmartRocket Scanner find the most comprehensive possible vulnerabilities.
Users only need to click the upload button input to verify safety requirements documents and to verify the system design document, and then click the verify button one-click automatically according to the requirements of security authentication system design, the final results of automatic classification for authentication, verification is not by and by successfully passed the security requirements of three of the following is derived.
The core function of the tool -- verification function is the formal verification method adopted. The formal verification method USES mathematical proof to ensure that the system meets the requirements. The authenticity conclusion of each attribute is based on strict mathematical proof.
Click to select each rail transit equipment that fails to verify the safety requirements. The tool will not only provide the verification results of the specific cycle of the equipment (until the last cycle with a counter example), but also provide the logical relationship model diagram of the equipment for the user to click on the equipment associated equipment for tracing.
Based on the kernel of formal verification method based on model inspection, even for large interlocking system, this tool only needs a little time to carry out complete security verification. Rapid verification can quickly find system design errors and correct them, thus achieving a virtuous cycle and greatly shortening the cycle of system design.
The kernel verification function of this tool adopts the formal verification method based on model inspection. The model inspection technology has been proved to be used in avionics, electronic design automation and other industries, that is, it can verify the very large system, and our tool can also verify the very large interlocking system.
SmartRocket Unit can generate test cases for coverage criteria, support statement, branch, MC/DC and boundary coverage criteria, automatically execute generated test cases and provide filters, and can meet the stringent testing requirements of industry standards such as D0-178B, ISO26262 and EN50128.
Tools that use random generation or data dictionary generation of test cases do not contain coverage criteria, use cases are generated by random combination, and cannot support the directional generation of MC/DC and boundary use cases.
The SmartRocket Unit generates a simplified set of use cases for different criteria, so that there is no redundancy between use cases. Other use case generation tools have no overridden criteria, and there is often a lot of redundancy in generating use cases by random generation or data dictionary. When testing a control software code in space, the SmartRocket Unit generates just a dozen use cases to achieve 100% coverage of statements, branches, and MC/DC functions, while the other software tools used give hundreds of test cases, resulting in a large number of redundant use cases.
SmartRocket Unit can fully design parameters, global variables, pile functions and pile function parameters, etc., and automatically design the return value of pile and output value of parameters. However, random generation or data dictionary generation test case tools usually only support data design of formal parameters and global variables, resulting in the failure to achieve high coverage.
In the code under test, we sometimes want to preserve system functions, especially memory functions such as memcpy and memSET, which may affect coverage. The SmartRocket Unit is able to automatically capture the memory change constraints of such functions to generate the correct test cases, which are not properly recognized by tools that randomly generate or data dictionary generate test cases. Neither of the tools based on the first two generation strategies can properly override the return 0 branch, whereas the SmartRocket Unit provides a switch for whether the system function piles or not. When we turn on the system function no-pile switch, the SmartRocket Unit is able to correctly generate 2 use cases to achieve 100% coverage.
The SmartRocket Unit generates a use case and automatically executes it, capturing output check information such as the expected value of the use case and automatically comparing it. This check item meets the requirements of functional security authentication, checking function return value, checking global variable modified value, checking parameter pointer pointing to content modified value and so on. Other tools do not have this check item or the check item is weak (for example, only check the return value of function, etc.), and a lot of manpower is needed to supplement this part of data later, which leads to the decrease of efficiency.
With the rapid development of information technology, the functions and scale of software are increasing day by day, and the traditional testing and defect analysis methods relying on human hands cannot meet the needs of the future. How to ensure the reliability and security of software has become an increasingly serious challenge.
Fuzziness tests automatically generate test cases to discover potential defects in a program by attempting to approximate all execution paths of the program. Fuzz testing can also be integrated into the original CI/CD/DevOps development process as a continuous deployment process, and become a complete set of automated vulnerability discovery system to help customers find bugs and vulnerabilities efficiently, quickly and easily.
Adopting advanced virtual execution technology, the scanning coverage rate is high and the false alarm rate is low. Clear and easy to read vulnerability analysis report, rich statistics, reports, graphical display interface, flexible deployment and scanning methods.
Based on the self-developed code scanning engine, the code scanning engine can be customized according to the business and technical characteristics of users to further improve the coverage and accuracy of code scanning.
It integrates theoretical courses and practical training experiments, reasonably plans the types of testing tools used in teaching, designs testing training courses, overcomes teaching difficulties, teaches students to understand the automobile safety testing system, and greatly improves the training efficiency and quality in colleges and universities.
The development of software system adopts the open system architecture and modular design, using the concept of the middle layer, reducing the system's dependence on hardware, mainly composed of course management, online answering questions and system management, so as to make it convenient for users to use.
According to the different needs of customers, it can be flexibly configured into different software versions for test centers, vocational colleges or enterprises, and adopt corresponding hardware platforms.
In order to facilitate the transportation of products, TICPSH-ITB hardware adopts the drawbar box-type design, and can be tested in workshops and other real sites according to the special requirements of the tested samples. To ensure timely response under any working conditions.
Testers only need to be familiar with the toolbox product to test the car, lowering the technical threshold for testers. By integrating expertise, emerging standards, and industry practices, the toolkit can be continuously upgraded to maintain high availability and technology leadership.
Use an intelligent vulnerability analysis engine to scan components for vulnerabilities and license risks. The engine takes advantage of the unique features and vulnerabilities of third-party databases and open source components to improve the accuracy of scan results.
The industrial control protocol fuzzy test tool is used to test the robustness of the implementation of the industrial control network protocol. The malformed data packets are constructed and sent to the industrial control target to test the security of the industrial control network protocol under test.
According to their own penetration test experience, relevant safety standards, design test cases and test results, automatically provide test reports, provide report analysis, and put forward targeted results analysis and modification Suggestions for the tested objects, which can help users find problems of the tested objects more directly, and help them find ways to improve.
The original scattered penetration test and detection tools are integrated, and a standardized system detection system is established through a unified detection data collection and output interface.
Comply with the standard requirements and specifications of safety development and testing capabilities, enhance product safety functions, reduce the cost of development and rectification, enhance the market competitiveness.
Provide comprehensive communication protocol security development and verification capabilities, reduce the cost of security development; To quickly reduce the threshold and cost of communication security verification.
One-stop audit and solution for multiple types of industrial control information security compliance, such as IEC 62433, ISASecure, IEC 21434, Achilles, safety inspection specifications for industrial control systems, etc.
Diagnose information security risks and threats of industrial systems, reduce the possibility of system damage, and reduce possible losses.
It integrates theoretical courses and practical training experiments, reasonably plans the types of testing tools used in teaching, designs testing training courses, overcomes teaching difficulties, teaches students to understand the automobile safety testing system, accumulates practical training experience in simulated production environment, and greatly improves the training efficiency and quality in colleges and universities.
The development of software system adopts the open system architecture and modular design, using the concept of the middle layer, reducing the system's dependence on hardware, mainly composed of course management, online answering questions and system management, so as to make it convenient for users to use.
Vehicle intrusion detection and defense system IDPS is an important part of vehicle information security framework, providing OTA upgrade security, system security, log storage security, off-vehicle network security, bus security and GNSS deception and other security monitoring and protection means, improving vehicle safety protection capability.
Process protection function: effectively deal with process counterfeiting and malicious programs such as application, Trojan horse and virus
File reinforcement function: effectively deal with file tampering, program script implantation, configuration tampering, data leakage and other threats
Claim limitation function: effectively deal with local overflow claim, rootkit claim and other remote software assisted claim methods
Security report: Provide support for TLS security protocol escalation
OTA security: Provide calibration interface with OTA security upgrade scheme
Log security: Provide client T-Box and cloud server security log storage protection scheme
IP traffic monitoring: Linux network traffic monitoring, IP traffic for the implementation of abnormal detection function
GNSS spoofing protection: GNSS spoofing signals are recognized and abnormal log records are reported
Internal network traffic monitoring: packet filtering and abnormal behavior detection in bus network
BLE/WLAN connection: Supports bluetooth BLE/WLAN connection exception detection
Cloud anomaly detection and analysis function: Analyze the collection log and detect abnormal behaviors from the perspective of fleet management
The security functional Safety consulting team is the only one in China with avionics system development service and airworthiness audit consulting ability. Its team members have been serving leading European aviation enterprises such as Airbus and Thales For a long time.
Present the mental state and emotional state in real time;
"Platform + video surveillance system" or "portable computing device + Video capture device" can be deployed quickly. No duplication of construction, support for mobile deployment;
There is no need for public security feature database and cloud-assisted computing to collect, calculate and warn individuals with weak features and abnormal behaviors without appearance features in real time.
Present the psychological state in real time, and issue the psychological and physiological evaluation report in 60 seconds;
"Portable computing device + video acquisition device + sufficient light" can be quickly deployed; The evaluation process does not require any interaction.
Immediate assessment of the subject's current psychological state; Comprehensive analysis of the physiological conditions of the subjects can help predict symptoms such as depression and Alzheimer's disease.
At present, There are about 50,000 SMT production lines in China, and each SMT production line requires 2 AOI detection devices, while each AOI device has a demand for a PCBA iBox at the back end. Calculated at 500,000 yuan per device, it is predicted that the market will reach a total scale of 50 billion yuan, and with the continuous industrial transfer, the market is still growing.
The PCB board optical quality inspection system can ensure that the manufacturing workshop does not stop production under the condition of no one, which is an effective way for medium and high-end PCBA manufacturers to improve the production line efficiency by improving the production yield rate, greatly reducing the number of inspection personnel and gathering training costs.
Satellite control software is the core of satellite control system, with complex functions, high unit test coverage requirement, high cost of manual test case writing and error prone. Using SmartRocket Unit can automatically generate Unit test cases that meet statement coverage, branch coverage and MC/DC coverage, and perform test execution automatically, which can improve software testing efficiency and software product quality. Out of 150,000 lines of code tested in a space unit, the SmartRocket Unit achieved average statement coverage of more than 90%.
Subway signal system is the control center of subway system. In the test of subway signal system, corresponding unit tests should be carried out according to different SIL levels. In traditional testing, test case writing relies on human resources, and software code testing with strict requirements for MC/DC coverage is bound to consume a lot of human resources and time.
Using the SmartRocket Unit tool can solve this problem, greatly reducing labor and time costs. Out of 200,000 lines of code tested for a subway signal Unit, the SmartRocket Unit achieved an average of over 85% statement coverage, with significant use case generation.
The automotive electronics industry complies with ISO26262 standard, and for projects that need to achieve ASIL-D safety levels, it also requires considerable labor and time to write use cases. The use cases generated by the SmartRocket Unit can be seamlessly applied to the automotive electronics industry, helping testers quickly meet statement/branch, MC/DC code coverage requirements. The SmartRocket Unit achieved average statement coverage of more than 85% in a car electronics Unit test of 100,000 lines of code.