Meet your Customer’s Testing requirements
ISO 21434 specifies the framework to deploy cybersecurity across automotive products. It prescribes the methods and measures for validating components to the required cybersecurity assurance levels (CALs). Danlaw can help you define, plan, and execute the testing activities required to achieve your CAL and help you ensure your component, system or application is protected and conforms to ISO 21434 requirements.
Danlaw uses the following methods to ensure you meet ISO 21434 cybersecurity assurance levels:
|Black Box Penetration Testing||X||X|
|White Box Penetration Testing||X||X|
and expertise, and uses off-the-shelf equipment to perform the testing.
network configuration, operating system's details, etc.
What is Pen (Penetration) Testing?
A penetration test is an authorized simulated cyberattack on a computer system, performed to evaluate the security of the system, and is intended to identify vulnerabilities), including the potential for unauthorized parties to gain access to the system’s features and data.
Danlaw conducts a three-phase process to plan to execute the penetration testing: A statement of work is jointly developed between the client and Danlaw, based on what the component, system, and applications provide to the vehicle and users
What is Fuzz Testing?
Fuzzing or fuzz testing is an automated software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program. The program is then monitored for exceptions such as crashes, failing built-in code assertions, or potential memory leaks.
Most Automotive OEMs mandate fuzz testing for all ECUs connected to vehicle buses like CAN and Ethernet, as well as other interface such as NFC or Bluetooth. They typically specify the interfaces, protocols, the test setup, and how many cycles should be executed. Danlaw has standardized these tests to support most OEMs.
We Provide Key Deliverables to Your Team:
Comprehensive Fuzz Tests
Complete Test Report Documentation
Test Bulletins Upon Discovery of Issues
Support to Suppliers During Cybersecurity Review with the OEM