Accelerate your cybersecurity deliverables


Meet your Customer’s Testing requirements

ISO 21434 specifies the framework to deploy cybersecurity across automotive products. It prescribes the methods and measures for validating components to the required cybersecurity assurance levels (CALs). Danlaw can help you define, plan, and execute the testing activities required to achieve your CAL and help you ensure your component, system or application is protected and conforms to ISO 21434 requirements.

Danlaw uses the following methods to ensure you meet ISO 21434 cybersecurity assurance levels:

Testing MethodsCAL1CAL2CAL3CAL4
Fuzz TestingXXXX
Black Box Penetration TestingXX
White Box Penetration TestingXX
Note 1: Black box pen testing uses publicly known information about the target, limited time
and expertise, and uses off-the-shelf equipment to perform the testing.
Note 2: White box pen testing uses enhanced information about the target, such as source code,
network configuration, operating system's details, etc.

What is Pen (Penetration) Testing?

A penetration test is an authorized simulated cyberattack on a computer system, performed to evaluate the security of the system, and is intended to identify vulnerabilities), including the potential for unauthorized parties to gain access to the system’s features and data.

Danlaw conducts a three-phase process to plan to execute the penetration testing: A statement of work is jointly developed between the client and Danlaw, based on what the component, system, and applications provide to the vehicle and users

What is Fuzz Testing?

Fuzzing or fuzz testing is an automated software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program. The program is then monitored for exceptions such as crashes, failing built-in code assertions, or potential memory leaks.

Most Automotive OEMs mandate fuzz testing for all ECUs connected to vehicle buses like CAN and Ethernet, as well as other interface such as NFC or Bluetooth. They typically specify the interfaces, protocols, the test setup, and how many cycles should be executed. Danlaw has standardized these tests to support most OEMs.

We Provide Key Deliverables to Your Team:


Comprehensive Fuzz Tests


Complete Test Report Documentation


Test Bulletins Upon Discovery of Issues


Support to Suppliers During Cybersecurity Review with the OEM

Not sure what you need? Contact us for a free consultation.