The tool supports one-click testing.Users can select appropriate penetration function items and configure parameters based on the test object and test purpose.
The tool supports real-time display of message data on CAN bus channels, which is convenient for positioning and analysis during the test.Users can filter, store or clear messages.
Hardware Security, In-vehicle Communication Security, External Communication Security, Software System Security
Data Security Compliance Package, Automotive Software Security Upgrade, R155/Technical Requirements for Vehicle Cybersecurity, 40855/40856/40857
The tool embeds the penetration function item, from the execution of function items to the generation of test reports, and fully realizes the automatic operation. At the same time, it provides a system test method that can be followed to ensure that key steps in the test process are not ignored, thus saving test time.
The tool complies with the AUTOSAR specification, supports simultaneous simulation of the sending node of synchronous messages and the sending/receiving node of secured messages; supports multiple MAC encryption algorithms, provides a high degree of freedom in parameter configuration, and supports tampering with secured messages and replaying.
Supports cabinet, laptop, and other formats to adapt to different testing scenarios
Allows customizing test case parameters and packages for tailored testing
Built-in with multiple compliance standard test case packages, such as R155
Provides dynamic solutions, recommending upgrades to the secure version closest to the user's current version to ensure compatibility. If multiple vulnerabilities belong to the same compositions, a unified version will be recommended for repair.
Supports enterprises in independently constructing vulnerability databases and open-source software knowledge bases. The tool can promptly detect whether a project has introduced a specific dependency or vulnerability. Also, it provides an open API that supports flexible customization.
Users can set rules based on vulnerability risk levels, licenses, and compositions white/blacklists, automatically preventing risky compositions from entering private repositories to avoid problematic compositions from entering the software development lifecycle."
Supports discovering code issues during the coding process and locating them down to the line, quickly providing repair suggestions. It performs automated policy execution based on user-defined rules during the build phase, timely blocking to achieve shift-left security.
The tool not only supports multiple attack methods on CAN bus, but also supports users coding according to their own needs. The tool supports custom test report templates, and can provide multi-dimensional system security analysis based on customer needs.
The tool supports mainstream hardware devices such as Vector, TOSUN, and also support more hardware devices of other manufacturers according to customer needs.
Test reports are auto-generated and provided with relevant remediation recommendations
Supports third-party tool integration based on customer requirements
Provides management teams with a visual display of the entire enterprise's open-source assets, accurately grasping used open-source compositions, open-source vulnerabilities, vulnerability change trends, and more. This aids in intuitive statistics collection and helps businesses manage their security assets.
Monitors open-source software vulnerability intelligence in real time, linking related projects of the user to ensure timely responses. Provides configurations for email and DingTalk transaction tracking tools for targeted reminders and precise issue information push notifications.
For each protocol, the tool uses protocol modeling to build test cases, thereby ensuring100% coverage of protocol state machines and fields.
The tool uses a black-box testing approach, with no need to access the source code during use. The tool embeds test scripts, from test case generation, management, execution, to report generation, fully automating the operation.
Every test case of the tool is open to users. Users can view the interaction flow and specific content of test case packets and how exceptional cases are generated.
The tool provides bidirectional testing for some specific protocols from both server and client side, ensuring complete coverage of protocol packets.
Users can add and customize based on the existing protocol templates or rules of the tool, meeting the feasibility depth requirements of fuzz testing. Supports customized test report templates, providing multidimensional system security analysis based on customer needs.
N/WP29 R155, T/GHDO 89.2-2022, 20214422-Q-339, GB/T 40861-2021, GB/T 40857-2021, GB/T 40856-2021