Skip to content
Close
Deutsche Telekom Fuzzing Success Story

Fuzz testing enabled Telekom security experts to complete projects faster.
Now, they can accept and deliver more new projects.

 


Industry
Telecommunication

Department
Test Center

Size
> 20 000 employees

Location
Bonn, Germany

The Results

Added Business Values

Through the reduced manual effort, the test cycles speed up. Telekom security experts are now able to complete projects faster than ever and can also accept and deliver more new projects. Furthermore, even testers without security knowledge are now able to implement and conduct state-of-the-art security technology. 

Cost Reduction 

Saves 60% of developer time through the fully automated solution and easy-to-use IDE plugin.
 

Increase in Productivity 

Maximizes productivity of costly developers on programming code instead of hunting bugs and security issues.
 

Easy Setup 

Effortless setup of fuzzing for all software projects. The agnostic approach ensures seamless integration into the existing process landscape.
 

Usable Modern Fuzzing 

Modern software tests without expert knowledge, supported by preloaded settings and an intelligent execution engine.

"With Code Intelligence, securing your software can take new paths in terms of quality and efficiency."

Thomas Tschersich
Chief Security Officer // Deutsche Telekom AG

thomastschersich1

The Challenge

Simplify the Use of Advanced Fuzzing Practices

Telekom's success story begins with implementing feedback-based application security testing (FAST) in order to increase the security and quality of the tested software. The Telekom testing team has already been using open-source fuzzing tools such as AFL or libFuzzer for quite some time, but the testing experts also experienced pain points associated with the powerful but complex technology.

Automate Manual Efforts

 Using open-source fuzzers involves a huge amount of manual effort (up to 3 weeks per project).

Overcome High Complexity

 Open-source fuzzing tools like AFL or libFuzzer require advanced knowledge.

Handle Lack of Security Experts

 Due to the lack of professionals on-the-job market, the department was not able to take on all incoming projects.

The Solution

Fuzz Testing Platform CI Fuzz

With this in mind, Telekom implemented CI Fuzz at the beginning of June 2019 as an easy-to-use testing platform for feedback-based fuzzing.

Shortened Testing Time

 The use of CI Fuzz has already produced measurable results in a short time. Thanks to the simplified deployment of new test projects and the user-friendly interface, the Telecom Test Center is now able to test projects in a fraction of the time: one of the testers stated that the test time per project had fallen by 66%. 

Advanced Bug Detection

 In addition, Code Intelligence has implemented structure-aware fuzzing as a new feature, resulting in increased efficiency of the fuzzing engine. Not only software bugs but also critical security vulnerabilities leading to CVEs (Common Vulnerabilities and Exposures) have been uncovered. 

What The Future Holds

Telekom and Code Intelligence are now working together on the roll-out of CI Fuzz to the entire Telekom corporation. The vision is to realize a „shift-left“ in the software development lifecycle (SDLC), so that feedback-based fuzzing is used not only around test centers but also already during software development. In this study case, development teams can be supported in creating more secure software and the test center has more capacity for external assignments.

Get Started With CI Fuzz

Talk to our developers to learn how the CI Fuzz testing platform can help you provide secure and reliable software.