Menu
 Industry

Automotive

 Department

Development

 Size

> 230 000 Employees

 Location

Hannover, Germany

The Results

Developing Secure Infotainment Systems Faster

 Increased Code Coverage

Continental automated their security testing and increased their code coverage (now above 95% in most modules). 

 Increased Development Speed

The smart bug detection and advanced debugging features of the CI Fuzz testing platform helped the development team to fix all business-critical bugs in the evaluation project within only one week.

  ISO 21434/UNECE WP.29 Compliance

Feedback-based fuzzing enables Continental to comply with automotive software security standards such as UNECE WP.29 and ISO/SAE 21434.

Improved Bug Reporting

The CI Fuzz testing platform comes with a detailed bug reporting and insights for each finding. Project managers are now able to automatically report and prove which inputs lead to bugs and critical behavior and how much progress the business unit made since the last sprint.

Car illustrations by Storyset https://storyset.com/car
Continental on Fuzzing
"Only 1% of all the security tests done for the project where CI Fuzz was used were fuzz tests, but through them, we find about 57% of vulnerabilities.” 
Victor Marginean CONTINENTAL
Victor Marginean
Global Head of Cybersecurity & Privacy Business Unit HMI // Continental 
Watch CI Fuzz Demo

The First Challenge

Realizing Modern Security Tests In An
Embedded Automotive Architecture

Continentals HMI business unit develops systems and solutions for the human machine interface of modern road vehicles. For example, display solutions, head-up displays and cockpit high performance computers. HMI makes processing and managing information simple, intuitive, and reliable.

Infotainment systems in modern vehicles usually communicate with a whole range of external embedded sensors. These dependencies add an additional layer of complexity for security testing, as they typically require plenty of manual effort.

 Writing Test Harnessess

Although the Public API documentation is usually available, developers need to write plenty of test harnesses, which is incredibly time-consuming.

 Hardware Dependencies

Developers have to secure the communication between the Hardware-Dependent-API and the hardware.

Car illustrations by Storyset https://storyset.com/car

The Second Challenge

Complying With ISO 21434/UNECE WP.29

Due to the new ISO/SAE 21434 and UNECE WP.29, many car manufacturers (OEMs) are expanding their software testing activities. The standard contains regulations for software devices within vehicles, as well as their connectivity to external systems.

 Implementing Fuzz Testing

The ISO 21434 and UNECE WP.29 recommend OEMs to integrate feedback-based fuzz testing into their DevOps processes and defines new requirements for software security engineering.

 How to Get the Developers on Board

Open-source fuzzing solutions are already very effective, but they still require manual tuning and follow-up work for developers. Continental was looking for a professional fuzzing solution they can easily apply in an automotive architecture.

Data illustrations by Storyset https://storyset.com/illustration

The Solution

CI Fuzz Testing Platform

Continental implemented the CI Fuzz testing platform in their CI/CD to improve their code quality and development speed. CI Fuzz is a CI/CD-agnostic platform for automated security testing. The platform helps developers protect themselves against unexpected edge cases. It empowers them to fix bugs during development and to achieve reproducible testing results.

screenshot_product-1
Watch Demo

The Success

Fuzzing Embedded Systems With Dependencies

The CI fuzz testing platform makes it possible to apply modern fuzz testing approaches in an early stage of the software development process. This has automated and simplified the entire testing process because it enabled the developers to perform security tests on their own modules and to fix critical bugs right away.

The CI Fuzz testing platform also enabled the developers to mock their hardware with fuzz data. Continental story succeeded by applying feedback-based fuzzing to their software. They are now able to protect their software against edge cases and unexpected behaviors. For example, if a sensor should send unusual or erroneous inputs.

Get Started With CI Fuzz

Contact our developers to uncover how the CI Fuzz testing platform can help you provide secure and reliable software.

Get Started