What is Black Duck Defensics?

Defensics is Black Duck's protocol fuzzing platform. The architecture is generative model-based fuzzing using formal protocol models and grammars to systematically explore protocol input spaces. Black-box testing produces zero-day discovery without source code access. The library ships with nearly 300 prebuilt fuzz testing suites covering RFCs, file formats, and protocols. The Defensics SDK extends coverage to proprietary protocols. Merito sells the license and operates the lab setup, suite curation, crash triage workflow, and SDK rule authoring.

What is generative model-based fuzzing?

Generative model-based fuzzing uses formal protocol models and grammars to systematically generate test cases across the protocol input space. Unlike random or coverage-guided fuzzing, generative fuzzing produces deterministic, reproducible test cases that survive regression cycles. The reproducibility lets engineers retest the same case during remediation validation and ensures crash triage results are reliable across re-runs.

What protocols does Defensics cover?

Defensics covers nearly 300 prebuilt test suites including network protocols (TCP, UDP, IPv6, TLS, SSH, MQTT, CoAP, HTTP/2, DNS, DHCP, SIP, RTP), industrial-control protocols (Modbus, DNP3, IEC 60870-5, IEC 61850, OPC UA, BACnet), automotive protocols (CAN, FlexRay, automotive Ethernet, ISO 14229 UDS, V2X), file formats (PDF, image formats, video, archives), and API protocols (REST, SOAP, GraphQL, WebSocket). The library is maintained continuously as new RFCs and specifications emerge.

What is the Defensics SDK?

The Defensics SDK is a framework for creating custom model-based fuzzers that deploy alongside the prebuilt suites. Customers running uncommon, customized, or proprietary protocols use the SDK to author suites that integrate into the same lab workflow as the prebuilt library. SDK authoring takes engineering time but produces durable protocol coverage that competing fuzzing platforms cannot match.

Does Defensics require source code?

No. Defensics is a black-box fuzzer that generates test cases from protocol models rather than instrumenting target source code. Programs can fuzz vendor protocol stacks, proprietary firmware, third-party libraries, and any other implementation where source is unavailable. The black-box approach makes Defensics suitable for vendor product testing, third-party library validation, and OT device fuzzing where source access is impossible.

What kinds of programs use Defensics?

Industrial-control-system (ICS) and OT security teams, IoT and connected-device manufacturers, network-equipment vendors, automotive security teams (UN R155, ISO 21434), medical-device security teams (FDA premarket submissions), and government and defense programs with proprietary protocol surfaces. Defensics is the right tool for any program that needs zero-day discovery on protocol implementations.

What services does Merito provide for Defensics?

Merito handles Defensics lab setup, target-device integration, suite curation against the customer's protocol surface, crash triage workflow design, runbook authoring, and SDK rule authoring for proprietary protocols. Premium Support and Managed Services cover ongoing suite curation, SDK rule maintenance, and crash triage operations. Staff Augmentation places Merito-trained Defensics engineers on long-running lab programs.

Black Duck • Application security

Black Duck Defensics Protocol Fuzzing

Defensics is a generative model-based protocol fuzzer that detects zero-day vulnerabilities and reliability issues in service APIs, network protocols, and IoT devices. The platform ships with nearly 300 prebuilt fuzz testing suites covering RFCs, file formats, and protocols, plus an SDK for custom protocol coverage.

Merito sells Defensics and operates the lab setup, suite curation, crash triage, runbook authoring, and SDK rule design that turn protocol fuzzing into a repeatable security program.

Get Defensics pricing Talk to a Merito Defensics specialist

Best for: Industrial-control-system (ICS) and OT security teams, IoT and connected-device manufacturers requiring zero-day discovery, Network-equipment vendors testing protocol implementations
Hosting: On-prem
Time to value: Lab setup and first prebuilt suite running in two to four weeks. Crash triage workflow operational in six to eight weeks. SDK custom suite authoring (when in scope) typically four to eight weeks per protocol. Enterprise lab program rollout in eight to twelve weeks.
Security posture: GDPR, HIPAA-aligned design, SAML SSO
Last reviewed: 2026-04-27

What it is

Black Duck Defensics Protocol Fuzzing in the enterprise stack

Defensics is Black Duck's protocol fuzzing platform. The architecture is generative model-based fuzzing, which means the platform explores protocol input spaces using formal models and grammars and systematically traverses protocol structures without requiring guidance from the test target. Black-box testing produces zero-day discovery without source code access.

The test-suite library is the practical asset. Defensics ships with nearly 300 prebuilt fuzz testing suites maintained by Black Duck engineers and updated continuously as new RFCs, specifications, and protocols emerge. Coverage spans network protocols (TCP, UDP, IPv6, MQTT, CoAP), industrial-control protocols (Modbus, DNP3, IEC 60870-5), cellular protocols, automotive protocols (CAN, FlexRay), file formats (PDF, image formats, video), and APIs. The breadth lets customers run fuzzing programs without rebuilding coverage that the suite library already provides.

The Defensics SDK extends coverage to proprietary protocols and customer-specific interfaces. The SDK is a framework for creating custom model-based fuzzers that deploy alongside the prebuilt suites. Customers running uncommon, customized, or proprietary protocols use the SDK to extend Defensics into their own surface. Feedback-driven fuzzing prioritizes test paths most likely to expose new behaviors.

Defensics deployments are heavier than scanner rollouts. Programs that scope Defensics like a SAST tool underestimate the lab setup, reproducibility infrastructure, and crash-triage discipline the product requires. Merito treats Defensics as a lab-based program rather than a developer-facing scanner. The engagement model includes lab setup, suite curation against the customer's protocol surface, crash triage workflow, and SDK rule authoring for proprietary protocols.

Ideal use cases

Network protocol fuzzing for service APIs, network appliances, and infrastructure
Industrial-control-system fuzzing for OT devices (Modbus, DNP3, IEC 60870-5)
IoT device fuzzing for connected-device certification programs
Automotive protocol fuzzing (CAN, FlexRay, automotive Ethernet, V2X)
Custom protocol fuzzing through Defensics SDK for proprietary interfaces
Medical-device fuzzing for FDA premarket submission evidence

What it is best at

Where Black Duck Defensics Protocol Fuzzing earns its seat

300 prebuilt test suites

Library of nearly 300 fuzz testing suites covering RFCs, file formats, network protocols, ICS protocols, automotive protocols, and APIs. Programs avoid rebuilding coverage the library already provides.

Generative model-based fuzzing

The fuzzer uses formal protocol models and grammars to systematically explore protocol input spaces. Reproducible test cases survive regression cycles and feed crash triage workflows.

Black-box testing without source code

Defensics fuzzes against the running protocol implementation without requiring source code access. Programs can fuzz vendor protocol stacks, third-party libraries, and proprietary firmware where source is unavailable.

Defensics SDK for proprietary protocols

The SDK extends fuzzing coverage to customer-specific and proprietary protocols. Programs running uncommon or customized interfaces use the SDK to author custom suites that deploy like the prebuilt ones.

Feedback-driven prioritization

Feedback sources let the engine prioritize test paths most likely to expose new behaviors. Reduces wasted fuzz cycles on input spaces unlikely to surface vulnerabilities.

Core capabilities

Black Duck Defensics Protocol Fuzzing capabilities, grouped by outcome

Test-suite library

The prebuilt coverage that gives Defensics its breadth.

Network protocol suites
TCP, UDP, IPv4, IPv6, TLS, SSH, MQTT, CoAP, HTTP/2, HTTP/3, DNS, DHCP, SIP, RTP, and the broader network protocol landscape.
Industrial-control protocol suites
Modbus, DNP3, IEC 60870-5, IEC 61850, OPC UA, BACnet, and the ICS protocol surface critical to OT security programs.
Automotive protocol suites
CAN, FlexRay, automotive Ethernet, ISO 14229 UDS, ISO 15118 V2G, V2X, and the automotive cybersecurity landscape relevant to UN R155 and ISO 21434.
File format suites
PDF, image formats (JPEG, PNG, TIFF), video formats, archive formats, and document formats commonly parsed by enterprise applications.
API and web protocol suites
REST and SOAP APIs, GraphQL, WebSocket, and the API protocol surface relevant to web service fuzzing.

Fuzzing engine

How Defensics actually generates and prioritizes test cases.

Model-based generative fuzzing
Formal protocol models and grammars drive systematic exploration of protocol input spaces. Test cases are reproducible across regression cycles.
Feedback-driven prioritization
Feedback sources from the test target prioritize test paths likely to expose new behaviors or vulnerabilities. Reduces wasted fuzz cycles.
Black-box testing
Fuzzes against running protocol implementations without source code access. Works against vendor stacks, proprietary firmware, and third-party libraries.

Defensics SDK

How customers extend coverage to proprietary protocols.

Custom suite authoring
SDK framework for creating custom model-based fuzzers. Customers author suites for proprietary, customized, or uncommon protocols.
Custom suites deploy like prebuilt suites
SDK-authored suites integrate into the same lab workflow and crash-triage discipline as the prebuilt library.
Customer-specific protocol coverage
Programs with internal proprietary protocols (proprietary IoT, defense, industrial) use the SDK to extend Defensics coverage to those interfaces.

Lab and crash workflow

How Defensics fits inside an OT or IoT security lab.

Reproducible test cases
Test cases generated from formal models survive regression cycles. Crashes can be reproduced for triage and remediation validation.
Crash triage workflow
Crashes flow into a triage workflow where engineers analyze stack traces, classify vulnerabilities, and validate fixes against the same test cases.
Lab orchestration
Defensics deploys in dedicated lab environments with target devices, traffic generation, and crash collection infrastructure.

Where it fits in the stack

How Black Duck Defensics Protocol Fuzzing connects to the rest of your landscape

Black Duck platform (native)

Native

Black Duck SCAFindings on protocol-implementation libraries flow into Black Duck SCA for dependency-side risk tracking.
Software Risk ManagerDefensics findings flow into Software Risk Manager (ASPM) for cross-tool correlation across protocol fuzzing and other AppSec scanners.

Lab infrastructure (certified)

Certified

Traffic generation hardware (Ixia, Spirent, Keysight)Lab traffic-generation infrastructure paired with Defensics for high-throughput fuzzing.
Crash dump collectors and analyzersCrash collection and analysis infrastructure for stack-trace classification and vulnerability triage.
Hardware-in-the-loop simulatorsHIL simulators for automotive and industrial-control fuzzing programs.

Custom integrations

Custom

Custom protocol libraries (Defensics SDK)Customer-authored suites for proprietary, customized, or uncommon protocols.
Internal lab orchestrationCustom integration into customer-built lab automation and target-device management systems.
Internal compliance reportingCustomer-specific evidence packages for FDA premarket submission, UN R155, ISO 21434, and other regulatory frameworks.

Deployment and implementation

How it rolls out

Hosting: On-prem (Customer-controlled lab environments)
Implementation complexity: High
Typical time to value: Lab setup and first prebuilt suite running in two to four weeks. Crash triage workflow operational in six to eight weeks. SDK custom suite authoring (when in scope) typically four to eight weeks per protocol. Enterprise lab program rollout in eight to twelve weeks.
Prerequisites: Lab environment with target devices and traffic generation infrastructure
Suite catalog priorities and protocol coverage decision
Crash triage workflow owner named
Reproducibility infrastructure for regression cycles
SDK access for custom protocol coverage (when in scope)
What Merito usually handles: Defensics deploys in customer-controlled lab environments rather than as a SaaS scanner. Merito handles lab setup, target-device integration, suite curation against the customer's protocol surface, crash triage workflow design, runbook authoring, and SDK custom-suite authoring for proprietary protocols.

Licensing and packaging

How it is bought

Model: Subscription
What to expect: Defensics is licensed by suite count and SDK access. Suite licensing is per protocol family or by bundle. SDK licensing is sold separately. Pricing scales with the protocol coverage in scope and the number of concurrent lab instances. Merito sells the license and scopes lab setup, suite curation, crash triage workflow, and SDK custom-suite authoring as separately priced services.
Editions and modules: Defensics suite licensing
Prebuilt protocol fuzz testing suites licensed by protocol family or bundle.
Best for: Programs running fuzzing against well-known protocol surfaces (IETF RFCs, automotive standards, ICS protocols).
Defensics SDK
Framework for creating custom model-based fuzzers for proprietary, customized, or uncommon protocols.
Best for: Programs with internal proprietary protocols or customized standard-protocol implementations.
Common expansion areas: Add additional protocol family suites (network, ICS, automotive, IoT, file format)
Add Defensics SDK for proprietary protocol coverage
Add Software Risk Manager for cross-tool ASPM correlation including fuzzing findings
Extend lab infrastructure for additional target-device coverage

Merito services

How Merito helps you win with Black Duck Defensics Protocol Fuzzing

Merito sells licenses and the delivery work around them. Pick the service that matches where you are in the lifecycle.

Defensics Implementation

Lab setup, target-device integration, suite curation, crash triage workflow design, and runbook authoring.

Explore service 02

MAPS Assessment

Security program scoping for Defensics adoption alongside other fuzzing platforms and IoT/OT security tooling.

Explore service 03

Premium Support

Named engineer, priority SLAs, and release-window coverage for Defensics in production.

Explore service 04

Managed Services

Long-term run support including ongoing suite curation, SDK rule maintenance, crash triage operations, and lab infrastructure evolution.

Explore service 05

Training and Enablement

Role-based training for lab engineers, OT/IoT security architects, and crash triage analysts using Defensics output.

Explore service 06

Staff Augmentation

Merito-placed Defensics engineers and protocol fuzzing specialists embedded on long-running lab programs.

Explore service

Defensics licensing

Buy Defensics from the partner that runs the lab and authors the SDK suites.

Protocol fuzzing is a lab program. Buy Defensics through Merito and get the lab setup, suite curation, crash triage workflow, and SDK rule authoring together.

Request Defensics pricing

Merito point of view

Defensics is a lab program, not a scanner. The lab discipline determines the program outcome.

Test-suite breadth is genuinely the differentiator. Programs running protocol fuzzing without the Defensics suite library spend significant engineering time recreating coverage that the library already provides. Customers comparing fuzzing platforms should weight the prebuilt suite count and the maintenance commitment heavily because that is where the practical engineering hours go.

Defensics deployments are heavier than scanner rollouts. Programs that scope Defensics like a SAST tool underestimate the lab setup, target-device integration, reproducibility infrastructure, and crash-triage discipline the product requires. Merito's engagement model treats Defensics as a lab-based program with the operating model designed up front.

The SDK is the right answer for proprietary protocols. Programs with internal IoT, defense, or industrial protocols use the SDK to author custom suites that deploy alongside the prebuilt library. Authoring SDK suites takes engineering time but produces durable coverage. Programs that skip the SDK on proprietary protocols leave a meaningful coverage gap.

What buyers usually underestimate

Scoping Defensics like a SAST or DAST scanner without lab setup and crash-triage discipline
Skipping SDK rule authoring on programs with significant proprietary protocol coverage
Treating prebuilt suites as exhaustive without periodic curation against new RFCs and standards
Letting crashes accumulate without triage workflow operating model
Not maintaining reproducibility infrastructure across regression cycles

Related from Merito

Continue exploring Black Duck Defensics Protocol Fuzzing on Merito

Black Duck Defensics FAQs

Consultation request

Talk to Merito about Defensics

Share your protocol surface, target devices, and certification requirements. A Merito Defensics specialist follows up within one business day.

300 prebuilt suites

Network, ICS, automotive, IoT, APIs

The library covers RFCs, file formats, and the protocol surface most enterprise programs need. Programs avoid rebuilding what the library already provides.

Lab program

Setup, suite curation, crash triage

Defensics is a lab program rather than a SAST scanner. Merito designs the lab, curates suites, and stands up the crash triage workflow.

Next step

Stand up the fuzzing lab before the next product certification cycle.

A Defensics engagement with Merito starts with the lab setup, target-device integration, and suite curation. The first crashes surface in week three when the lab is operating.

Book a Defensics consultation

Black Duck Defensics Protocol Fuzzing

Merito sells Defensics and operates the lab setup, suite curation, crash triage, runbook authoring, and SDK rule design that turn protocol fuzzing into a repeatable security program.

How it rolls out

Hosting

On-prem (Customer-controlled lab environments)

Implementation complexity

High

Typical time to value

Lab setup and first prebuilt suite running in two to four weeks. Crash triage workflow operational in six to eight weeks. SDK custom suite authoring (when in scope) typically four to eight weeks per protocol. Enterprise lab program rollout in eight to twelve weeks.

Prerequisites

Lab environment with target devices and traffic generation infrastructure
Suite catalog priorities and protocol coverage decision
Crash triage workflow owner named
Reproducibility infrastructure for regression cycles
SDK access for custom protocol coverage (when in scope)

What Merito usually handles

Defensics deploys in customer-controlled lab environments rather than as a SaaS scanner. Merito handles lab setup, target-device integration, suite curation against the customer's protocol surface, crash triage workflow design, runbook authoring, and SDK custom-suite authoring for proprietary protocols.

How it is bought

Model

Subscription

What to expect

Defensics is licensed by suite count and SDK access. Suite licensing is per protocol family or by bundle. SDK licensing is sold separately. Pricing scales with the protocol coverage in scope and the number of concurrent lab instances. Merito sells the license and scopes lab setup, suite curation, crash triage workflow, and SDK custom-suite authoring as separately priced services.

Editions and modules

Defensics suite licensing
Prebuilt protocol fuzz testing suites licensed by protocol family or bundle.
Best for: Programs running fuzzing against well-known protocol surfaces (IETF RFCs, automotive standards, ICS protocols).
Defensics SDK
Framework for creating custom model-based fuzzers for proprietary, customized, or uncommon protocols.
Best for: Programs with internal proprietary protocols or customized standard-protocol implementations.

Common expansion areas

Add additional protocol family suites (network, ICS, automotive, IoT, file format)
Add Defensics SDK for proprietary protocol coverage
Add Software Risk Manager for cross-tool ASPM correlation including fuzzing findings
Extend lab infrastructure for additional target-device coverage

Talk to Merito about Defensics

Share your protocol surface, target devices, and certification requirements. A Merito Defensics specialist follows up within one business day.

300 prebuilt suites

Network, ICS, automotive, IoT, APIs

The library covers RFCs, file formats, and the protocol surface most enterprise programs need. Programs avoid rebuilding what the library already provides.

Lab program

Setup, suite curation, crash triage

Defensics is a lab program rather than a SAST scanner. Merito designs the lab, curates suites, and stands up the crash triage workflow.