Defensics adds gRPC support for distributed web and mobile application security testing

Learn how the gRPC test suite and gRPC wizard allow Defensics customers to create their own test sequences from protocol buffer definitions.

As the leading tool in the negative testing market, Synopsys Defensics® fuzz testing currently offers more than 300 test suites to ensure system security and robustness. Defensics has now extended communication protocol testing with support for the popular gRPC framework used in microservices, mobile, web, and IoT applications. The gRPC framework uses HTTP/2 as the transport protocol and Protobuf (protocol buffers) for its service definition. The framework offers tools for creating client and server bindings for several programming languages, including Go, Java, C++, Python, and many more. Code bindings are automatically generated based on a Protobuf definition.

Protobuf is an open source mechanism for serializing structured data, which is defined through the use of an Interface Definition Language (IDL). The Protobuf IDL defines a system’s remote procedure call (RPC) message structures and services. Protobuf also includes a proto compiler, which generates serialization code from Protobuf definitions. The gRPC framework serializes and deserializes data as it is sent between network nodes.

Fuzzing gRPC

Defensics is a template-based fuzzer. A basic Defensics test suite is written based on the protocol specifications. In the case of gRPC, this doesn’t work because each system has its own definition. We know the basic encoding for the different domains, but to create effective test cases we need to know more about the system under test.

Another problem with fuzzing gRPC is that while we can learn the protocol model and service endpoints from a Protobuf definition, we don’t know how the system under test uses the RPCs and what data is sent through the messages. We could create a test sequence for each RPC separately, but most systems have an internal state where RPC A must be sent before RPC B, so the server is in the correct state to receive RPC B .

The gRPC test suite offers customers a way to import Protobuf files into Defensics using a gRPC wizard. The gRPC helper takes the Protobuf definitions, parses them, and displays the available remote procedure calls defined in the files. The RPCs can then be used to construct a test sequence, which is relevant to the system under test. In addition to creating a relevant test sequence, the wizard also allows users to modify each send message to have relevant valid values ​​in the message fields. This is done to ensure that the gRPC test suite is interoperable with the test target.

The following image shows the gRPC helper in action. The imported file is example.proto.

Once the desired configuration is complete, the gRPC wizard will create a sequence file for the gRPC test suite. This sequence file is loaded into a new gRPC test suite instance, and test cases are automatically generated, ready to fuzz the test target.

The following image shows a list of test cases generated based on example.proto.

list of test cases generated based on the example.proto |  Synopsis

The gRPC test suite can fuzz both Protobuf/gRPC parsers and application code. For most users, the interesting part of fuzzy is the application-level implementation using gRPC for communication. To improve fuzzing speed, the gRPC test suite can be configured to limit test cases to the contents of the Protobuf field, which is the data used in the application-level implementation.

About Defensics fuzz testing

Defensics is a complete, powerful and automated black box solution supporting most smart home wireless and IoT protocols, in addition to more than 300 other protocols. Defensics is a generational fuzzer that knows the protocol you’re testing. All of our wireless tests can be performed live on a boxed device without needing to access source code. If you are interested in integrating fuzz testing into your CI/CD pipeline, Defensics enables headless test integration through a Jenkins plugin, CLI, and REST API. The three integration interfaces enable a basic workflow of configuring the fuzzer, running and tracking test progress, and exporting test reports.

To learn more and find the right test suite for your system security needs, visit Defense webpage.