HydraVision

Security Test Environment

HydraVision is a cybersecurity automation platform that enables automated security testing over the entire lifecycle of an ECU and ensures compliance with the latest industry-specific guidelines such as UNECE R155, ISO 21434 or GB 44495. With our intelligent Security Test Environment, manufacturers and suppliers can not only easily comply with the new directives and standards, but also carry out practical cybersecurity tests on their products – automatically and remotely. With HydraVision, you gain full control and transparency over all security components, enabling thorough cybersecurity management while optimizing workflow efficiency. Whether you’re securing embedded systems, industrial networks, or connected vehicles, HydraVision offers a streamlined and scalable approach to network security testing.

data sheet
contact us
HydraVision_security_test_environment

Features

  • Customizable User Dashboard: Intuitive, user-friendly dashboard that allows each user to personalize their interface, optimizing workflows and ensuring quick access to relevant data.
  • Full Remote Access (PaaS): Enables all project participants to securely manage and monitor security compliance via cloud-based infrastructure, providing flexibility, scalability, and seamless global collaboration across distributed teams and sites.
  • Security Notifications & Reporting: HydraVision delivers real-time alerts for proactive vulnerability scanning and cybersecurity risk assessment. Automated security reports provide deep insights into test results and system security gaps.
  • Test Case Management: Intuitive Test Case Editor for creating, modifying, and customizing test cases to align with your system’s security requirements. Predefined test case templates provide a structured starting point and can be easily adjusted to meet specific needs, ensuring flexibility for various attack scenarios and evolving threats.
  • Cluster & Full-Vehicle Testing: HydraVision enables the evaluation of ECU clusters and entire vehicle systems via CAN and Ethernet. This capability enables security evaluations that go beyond individual components.
  • CI/CD Integration: Seamlessly integrates into CI/CD pipelines, enabling automated penetration testing at every development stage to identify vulnerabilities early in the lifecycle, leading to reduced costs.
  • User & Group Management: A flexible, role-based access control framework that allows organizations to define responsibilities and to ensure structured access to critical data while maintaining individual information security standards.
  • Custom Target Definition: Leverages a modular architecture to enable quick and seamless execution of test cases to specific requirements. Test parameters such as protocols, security access, and TLS/SSL settings can be easily edited via simple configuration files.
  • Support for Different Power Supplies: Compatible with various power supplies, including Rigol, with full remote control and monitoring capabilities. Voltage, current, and power traces can be recorded in real time.
  • Flexible Deployment Options: Choose between cloud-based security testing via PaaS and on-premise deployment, offering organizations enhanced flexibility and data protection. Choose the best security model to fit your compliance and operational needs.

Benefits

Compliant

Stay ahead of new cybersecurity regulations and ensure your embedded systems meet evolving security and network standards. HydraVision is a cybersecurity management system that enables organizations to remain compliant with UNECE R155, ISO 21434, China’s GB 44495 and other industry-specific frameworks. 

Transparent

Gain full visibility into your security validation process with clear, structured, and consistent test results. HydraVision provides real-time network security monitoring and comprehensive reporting, allowing teams to efficiently analyze vulnerabilities and make data-driven security improvements across the product lifecycle.

Cost-Effective

Unlike traditional security testing tools such as expensive Hardware-in-the-Loop (HIL) setups, HydraVision provides an automated, scalable, and affordable cybersecurity automation platform. By reducing manual testing efforts and enabling early vulnerability detection, it significantly lowers security validation costs.

Applications

  • Embedded Systems
  • Automotive Systems
  • Industrial Systems
  • Aviation & Aerospace Systems
  • Maritime Systems
  • Defense Systems
  • IoT (Internet of Things) Devices
  • Medical Devices

Validation & Security Testing

HydraVision is a powerful test case management tool, offering continuous security validation. It comprises four integral layers to fortify digital defenses: 

Commencing with interface-level tests, HydraVision scans low-level drivers for potential threats. This vulnerability scanning is followed by the comprehensive testing of protocols, assessing their robustness and identifying potential weaknesses. Additionally, HydraVision introduces fuzzing techniques to enhance the precision of cybersecurity risk assessments.

The third layer encompasses the evaluation of complex security controls and functions, ensuring a comprehensive examination of the system’s defensive capabilities. Finally, HydraVision addresses the tip of the cybersecurity iceberg by providing dedicated security tests for known Common Vulnerabilities and Exposures (CVEs) provided by third parties such as ASRG and Auto-ISAC.

This multifaceted approach positions our Security Test Environment as a feature-rich library, offering automated penetration testing and risk assessment across diverse levels, effectively safeguarding against a spectrum of potential risks.

Test Cases (Excerpt)

IsotpScan

Testcase basic scan for ISOTP endpoints of the ECU on the CANSocket, returns a List of all found ISOTP endpoints of the ECU

ObdScan

Testcase scan of the OBD protocol, iterates over all services that contain information, sequence of ids: 01, 02, 06, 08, 09, 03, 07, 0A.

UdsDtcScan

Testcase scan of the UDS protocol for all available DTC information, uses UdsSystemStates to scan in every
available UDS session.

UdsRdbiScan

Testcase scan of the UDS ReadDataByIdentifier service, uses UdsSystemStates to scan in every available UDS session.

SomeIpSniff

Testcase basic scan for SomeIpEndpoint of the ECU on the eth, will create a list of
SomeIpEndpoints with values it got.

DoipPortTest

Testcase test if a port of PortScanResults supports Doip, will create a list od found DoIPEndpoints.

TlsScanTestSsl

Testcase scan for TLS security of the ECU on the eth with testssl.sh tool, will create .json files and List of TLSScanResults

EthDoipTest

Testcase test if an IP next to the source of a Vehicle Announcement Messages will get a connection to the target.

EthArpEndpointPortScan

This test case conducts a comprehensive port scan on the provided ArpEndpoint, examining the whole rangeof ports and generating PortScanResults based on the findings. The difference to the IpEndpoint portscan is, that the test can’t use an IP configuration that did get an imcp answer from the target.

EthArpSniff

Testcase basic sniffer for ARP request of the ECU on the eth, will create a List of ArpEndpoints with all the messages it got. The Testcase will remove duplicates automatically.

EthDoipSniff

Testcase basic scan for Vehicle Announcement Messages over DoIP of the ECU on the eth, will create a list of
DoIPAnnouncement with values it got.

EthIPEndpointPortScan

This test case conducts a comprehensive port scan on the provided IPEndpoint, examining a specified range of ports and generating PortScanResults based on the findings.

CanWakeupTest

Test if the ECU can be kept awake by CAN messages, logs results and writes summary.Returns CanBusKeepAliveBehaviour if successful.

PowerBehaviourTest

Testcase to analyze PowerBehaviour of ECU while running. Returns new objects of PowerBehaviour, a PowerMonitoring configured to the PowerBehaviour of the ECU.

UdsStateScan

Testcase scan of the UDS protocol for all available states in DiagnosticSessionControl and SecurityAccess. Returns a UdsSystemStates object containing routes to all available states of the ECU.

UdsSecurityAccess

This test case iterates through all sub-test cases defined in the test plan and executes them sequentially.The test plan includes tests such as Penalty Time Check, Immediate Key Try, Seed Analysis, and more, each aimed at verifying specific aspects of the UDS SecurityAccess service.

UdsWdbiScan

Testcase scan of the UDS WriteDataByIdentifier service, uses UdsSystemStates to scan in every available UDS session.

UdsRoutineControlScan

Testcase scan of the UDS RoutineControl service, uses UdsSystemStates to scan in every available UDS session.

UdsServiceScan

Testcase scan of the UDS protocol for all available services, uses UdsSystemStates to scan in every available UDS session

UdsRmbaScan

Testcase scan of the UDS ReadMemoryByAddress service, uses UdsSystemStates to scan in every available UDS session.

UdsEcuResetScan

Testcase scan of the UDS ECUReset service, uses UdsSystemStates to scan in every available UDS session.

V-Cycle

A testing platform like HydraVision holds various benefits for different personas working alongside the software development process or in compliance testing respectively. Here’s what you can expect depending on your role:

Benefits for Project Managers:
  • Ensure compliance with industry standards. 
  • Reduce time and costs with automated testing.
  • Simplify user management and reporting.
Benefits for Developers:
  • Gain rapid security insights via log files.
  • Receive real-time feedback to accelerate development cycles.
  • Ensure assessment conformity.
vcycle_security_test_environment
Benefits for Testers:
  • Manage all Devices Under Test (DUTs) efficiently.
  • Debug security flaws in real time.
  • Leverage the test case editor and scalable test cases for more efficiency.
Benefits for Serial Support:
  • Automatically track new cybersecurity threats
  • Maintain continuous security monitoring in a cost-efficient way
  • Ensure cybersecurity conformity (e.g. UNECE, CRA).

FAQ

What is HydraVision, and who is it for?

HydraVision is a cybersecurity automation platform designed for automotive cybersecurity testing, specifically targeting Electronic Control Units (ECUs). It serves automotive OEMs, Tier 1 suppliers, penetration testers, and developers, providing a security test environment that facilitates security and functionality testing on individual ECUs, groups of ECUs, or entire vehicles.

How does HydraVision automate ECU security testing?

HydraVision automates penetration testing by leveraging a unique software middle layer that enables the creation and reuse of security tests across different ECUs. This approach ensures scalability, reproducibility, and traceability, significantly reducing manual effort while improving testing efficiency.

What types of tests does HydraVision support?

HydraVision covers a broad spectrum of tests, including:

OEM-specific cybersecurity tests: Brand-specific protocols like BMW (e.g., BmwRdbiScan)

Security and network tests: CVE analysis, UDS SecurityAccess validation

CAN and Automotive Ethernet tests: Fuzzing, wake-up behavior, XCP scans, DoIP sniffing

ISO-TP and UDS diagnostic tests: Endpoint scanning, ECU resets, Read/Write Data by Identifier

OBD testing: Standardized On-Board Diagnostics coverage

Power and behavior analyses: Power-on behavior, wake-up, and sleep handling

How many test cases are included by default?

HydraVision is delivered with around 100 preconfigured test cases, which are continuously maintained and expanded to keep pace with emerging threats and evolving industry standards.

Can I create or modify test cases in HydraVision?

Yes, HydraVision provides access to test cases in source code, allowing users to modify existing tests or create new ones within the cybersecurity management system. The web-based IDE supports transparency and flexibility, enabling custom adaptations to meet specific security requirements.

How does HydraVision facilitate regulatory compliance?

HydraVision assists organizations in complying with automotive cybersecurity regulations like ISO 21434, UNECE R155 and GB 44495. It generates detailed, traceable reports that document test results, ensuring compliance with industry standards.

What deployment options does HydraVision offer?

HydraVision is available as both an on-premise solution and a private-cloud-based PaaS offering, allowing organizations to choose the best security model to fit their compliance and operational needs. The PaaS model, hosted in a TISAX-certified environment, enhances data protection and flexibility, enabling continuous security testing without additional infrastructure maintenance.

Can HydraVision be used remotely?

Yes, HydraVision supports remote access via a web-based UI, allowing global teams to collaborate in real time. This ensures penetration testers, developers, and managers can oversee testing activities from any location.

How does HydraVision integrate into existing test environments?

HydraVision’s modular architecture allows seamless integration into existing infrastructures. It supports automation of test workflows and can be incorporated into CI/CD pipelines, making it ideal for modern cybersecurity risk assessments.

What makes HydraVision stand out from other cybersecurity testing solutions?

Scalability & Modularity: Adaptable for both small teams and large development departments

Automated Workflows: Efficiently integrates into security and network testing environments

Comprehensive Reporting: Offers real-time monitoring and detailed analytics

Flexibility: Enables testing at various ECU lifecycle stages, from development to serial production

Does HydraVision integrate with other tools?

Yes. While a dedicated API is under development, HydraVision already supports deep linking, enabling users to reference test runs in external requirements management and test documentation tools.

What is HydraVision’s licensing model?

HydraVision’s licensing structure consists of:

  • HydraVision backend instance (annual license)
  • Hydra Probe hardware (purchased separately)
  • Runner licenses (required for each probe)

The model allows users to scale based on the number of projects and ECUs tested.

Can HydraVision test entire vehicles, or just individual ECUs?

HydraVision is designed for flexible deployment, making it possible to test individual ECUs, ECU groups, or full vehicles as part of automotive cybersecurity evaluations.

How does HydraVision handle test data and reporting?

HydraVision provides real-time monitoring of all test activities and generates detailed reports, including power trace data, test results, log messages, and user comments. Reports can be exported in Markdown or JSON format, ensuring easy integration with other systems.

What support and services does HydraVision offer?

Dissecto provides professional services, including custom test case development, system integration support, and technical consulting.

Where can I get more information or request a live demo?

If you’d like a technical presentation or live demo of HydraVision, feel free to contact us. Our team is happy to assist in planning and implementing your security test environment.