Skip to content
Close
SEARCH
Book a demo
Book a demo
Our Products
CI FuzzAI-automated fuzz testing
Documentation
Product Demo
Our Solutions
Application securityMaximum code coverage
Testing efficiencySecure software with less effort
Vulnerability detectionFix vulnerabilities in your software
ISO 21434 Comply with testing requirements
AUTOSAR SimulatorTest AUTOSAR applications without hardware
By Industry
AutomotiveSoftware testing without hardware dependencies
Medical DevicesFuzz testing for medical device security
Blog
Webinars
White papers & Checklists
About Code Intelligence
Contact Us

CI Fuzz—AI-automated fuzz testing

Maximum code security, minimal manual effort. Save up to 10 hours of manual work on fuzz testing for every 1.000 lines of code.
BOOK A FREE DEMO
Contact us
Spark demo
TRUSTED BY
google-2015-3Deutsche_Telekom_2022 1-3bosch-logo-simple 1-2Secunet_Security_Networks_Logo-2Continental_AG_logo 1-2Cariad_Logo-2ETAS-Logo-2

Find vulnerabilities that truly matter with a single command

Thoroughly test your code with minimal effort from developers and security teams. With CI Fuzz, you can save up to 10 hours of manual testing effort for every 1.000 lines of code.

 

What our clients say about Code Intelligence

ANDREAS LACKNER

SENIOR SOFTWARE DEVELOPMENT ENGINEER, VECTOR INFORMATIK

“By reducing the manual effort for creating and integrating fuzz tests, we are able to bring our cycle time down and further improve the quality of our embedded software.”

MICHAEL VON WENCKSTERN

PRODUCT CYBERSECURITY GOVERNANCE, RISK AND COMPLIANCE SPECIALIST, CONTINENTAL AG

“One of the biggest advantages of instrumented fuzz testing is that you can execute your code in a Software-in-the-Loop simulator. My favourite part of instrumented fuzzing is that finding the root cause is so easy, and for a manager, it means I can save budget.”

ANDREAS WEICHSLGARTNER

SENIOR TECHNICAL SECURITY ENGINEER, CARIAD

"Thanks to Code Intelligence fuzzing approaches, our security testing became significantly more effective. All our developers are now able to fix business critical bugs early in the development process, without false-positives."

THOMAS DOHMKE

CEO, GITHUB

”Code Intelligence helps developers ship secure software by providing the necessary integrations to test their code at each pull request, without ever having to leave their favorite environment. It's like having an automated security expert always by your side.”

THOMAS TSCHERSICH

CHIEF SECURITY OFFICER, DEUTSCHE TELEKOM AG

”With Code Intelligence, securing your software can take new paths in terms of quality and efficiency.”

ECKART HEYNE

PRODUCT CYBERSECURITY AND PRIVACY OFFICER, CONTINENTAL AG

“Using fuzz testing by Code Intelligence helped our team pass ASPICE for Cybersecurity assessments and obtain ISO 21434 certification. Our products are now more secure. We presented the OEM with the fuzzing results and received positive feedback.”

SALEH HEYDARI

VP OF SOFTWARE ENGINEERING, XOS TRUCKS

”Thanks to Code Intelligence we were able to remediate deeply hidden issues, allowing us to ensure our vehicular software’s optimal functionality and safety. Coming up with the right unit tests for these cases would have been super difficult. With Code Intelligence’s AI-powered tests, we had the first finding within hours!”

From 0 to 80 in 2 seconds. Code Coverage with CI Fuzz.

CI Fuzz analyzes code as it runs. Just like a unit test, but with AI support to efficiently cover all paths through the code.
Bug Find truly relevant and hidden issues and dig deeper every minute

Resolve issues seamlessly with instant access to a full stack trace at your fingertips.

Find truly relevant issues
Uncover real bugs in real time and say goodbye to theoretical issues and false positives. Find real issues with all the information needed to quickly reproduce and fix them.
Watchly Boost efficiency and reduce the number of tests needed

Let CI Fuzz automatically search for issues in the code and dig deeper every minute.

Boost efficiency
Conduct real-time code analysis with CI Fuzz. Take unit tests to the next level. It employs AI for comprehensive code path coverage and automatic generation of thousands of test cases.
Monitor Fix business critical bugs early in the development process

Maximize pipeline performance that doesn't compromise software integrity.

Fix business critical bugs
Test your code with maximum code coverage and automatically detect typical security relevant bugs like injections and remote code executions automatically in one go. Get fully covered to deliver highest quality software.

What is Fuzz Testing?

Are you looking to learn more about fuzzing? Our extensive article describes the fuzzing benefits, industries that use fuzzing, best practices and how to get started. 
block-code
Examples of CWEs uncovered

Catch them all (and get them fixed)

Find safety and security issues like memory corruption, crashes, and runtime bugs. CI Fuzz automatically generates thousands of test scenarios to examine your code during runtime, pinpointing exactly where bugs are hidden and what triggers them. That helps quickly reproduce and fix issues.
Click here to see the full list of vulnerabilities you can find with CI Fuzz.
CWE-119 Improper Restriction of Operations Within the Bounds of a Memory Buffer CWE-416 Use After Free
CWE-823 Use of Out-of-Range Pointer Offset CWE-476 NULL Pointer Dereference
CWE-786 Access of Memory Location Before Start of Buffer CWE-590 Free Memory Not on the Heap
CWE-680 Integer Overflow to Buffer Overflow CWE-362 Signal Handler Race Condition
CWE-466 Return of Pointer Value Outside of Expected Range CWE-366 Race Condition Within a Thread
CWE-787  Out-of-Bounds Write CWE-367 Time-of-Check Time-of-Use (TOCTOU) Race Condition
CWE-125 Out-of-Bounds Read CWE-368 Context Switching Race Condition
CWE-129 Improper Validation of Array Index CWE-421 Race Condition During Access to Alternate Channel
CWE-193 Incorrect Calculation of Buffer Size CWE-1223 Context Switching Race Condition
CWE-193 Off-by-One Error CWE-662 Improper Synchronization
CWE-195 Signed to Unsigned Conversion Error CWE-758 Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
CWE-839 Numeric Range Comparison Without Minimum Check CWE-562 Return of Stack Variable Address
CWE-843 Access of Resource Using Incompatible Type ("Type Confusion") CWE-587 Assignment of a Fixed Address to a Pointer
CWE-1257 Improper Access Control Applied to Mirrored or Aliased Memory Ranges CWE-588 Attempt to Access Child of a Non-Structure Pointer
CWE-190 Integer Overflow or Wraparound CWE-1102 Reliance on Machine-Dependent Third-Party Components
CWE-20 Improper Input Validation CWE-1105 Insufficient Encapsulation of Machine-Dependent Functionality
CWE-415 Double Free    

Catch them all (and get them fixed)

Find safety and security issues like memory corruption, crashes, and runtime bugs. CI Fuzz automatically generates thousands of test scenarios to examine your code during runtime, pinpointing exactly where bugs are hidden and what triggers them. That helps quickly reproduce and fix issues.
Click here to see the full list of vulnerabilities you can find with CI Fuzz.
CWE-119 Improper Restriction of Operations Within the Bounds of a Memory Buffer CWE-416 Use After Free
CWE-823 Use of Out-of-Range Pointer Offset CWE-476 NULL Pointer Dereference
CWE-786 Access of Memory Location Before Start of Buffer CWE-590 Free Memory Not on the Heap
CWE-680 Integer Overflow to Buffer Overflow CWE-362 Signal Handler Race Condition
CWE-466 Return of Pointer Value Outside of Expected Range CWE-366 Race Condition Within a Thread
CWE-787  Out-of-Bounds Write CWE-367 Time-of-Check Time-of-Use (TOCTOU) Race Condition
CWE-125 Out-of-Bounds Read CWE-368 Context Switching Race Condition
CWE-129 Improper Validation of Array Index CWE-421 Race Condition During Access to Alternate Channel
CWE-193 Incorrect Calculation of Buffer Size CWE-1223 Context Switching Race Condition
CWE-193 Off-by-One Error CWE-662 Improper Synchronization
CWE-195 Signed to Unsigned Conversion Error CWE-758 Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
CWE-839 Numeric Range Comparison Without Minimum Check CWE-562 Return of Stack Variable Address
CWE-843 Access of Resource Using Incompatible Type ("Type Confusion") CWE-587 Assignment of a Fixed Address to a Pointer
CWE-1257 Improper Access Control Applied to Mirrored or Aliased Memory Ranges CWE-588 Attempt to Access Child of a Non-Structure Pointer
CWE-190 Integer Overflow or Wraparound CWE-1102 Reliance on Machine-Dependent Third-Party Components
CWE-20 Improper Input Validation CWE-1105 Insufficient Encapsulation of Machine-Dependent Functionality
CWE-415 Double Free    
AI Test Agent

From start to findings with one command

Save up to 1.000 hours of manual work by launching and running fuzz tests with a single command.  Spark, an AI Test Agent, will automatically run fuzz tests until it meets your pre-defined code coverage goal.
AI Test Agent

Don’t just comply—make your product robust

By using CI Fuzz, you not only comply with various industry standards and customer requirements but also implement state-of-the-art testing technology used by companies like Google and Microsoft. Thus, you deliver higher-quality products that your customers have complete confidence in.
See the full list of industry standards advocating for fuzzing below.
ISO 26262 Road vehicles – Functional Safety SA-11: Developer Security Testing And Evaluation

Automotive SPICE for Cybersecurity Guidelines

Guidelines on Minimum Standards for Developer Verification of Software

UNECE WP.29 United Nations World Forum for Harmonization of Vehicle Regulations

 ISO/IEC 12207 Systems and Software Engineering – Software Life Cycle Processes

ISO/SAE 21434 Road Vehicles — Cybersecurity Engineering

 ISO 22301 Security and Resilience — Business Continuity Management Systems

AAMI TIR 57:2016 Principles For Medical Device Security - Risk Management

 ED-203A / DO-356A Airworthiness Security Methods and Considerations

IEC 81001-5-1 Health software and health IT systems safety, effectiveness and security. Part 5-1: Security — Activities in the product life cycle.

 ISO/IEC/IEEE 29119 Software and Systems Engineering - Software Testing

UL2900-1 and UL2900-2-1 Healthcare and Wellness Systems - Software Cybersecurity for Network-Connectable Products

 ISO 27001 Information Technology – Security Techniques – Information Security Management Systems

Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions

 IT-Grundschutz (Germany) Based on ISO 27001

MDCG 2019-16 Guidance on Cybersecurity for medical devices

 NIST SP 800-95 Web Services — standard for software testing (USA)

ISA/IEC 62443-4-1 Secure Product Development Lifecycle Requirements

  
Fuzz testing solutions comparison guide

CI Fuzz compared to alternatives

Free guide to the fuzz testing landscape

Download free guide covering fuzz testing market and see how CI Fuzz is compared to:

    • other white-box fuzzers
    • protocol black-box fuzzers.

Find bugs and vulnerabilities that truly matter with a single command

Book your free demo with one of our senior engineers now and take the first step towards robust, secure and compliant software development.

  • Catch critical bugs and get them fixed before they get costly.
  • Run fuzz testing process with a single command.
  • Ensure compliance with industry standards.

Join industry leaders and follow in the footsteps of companies like Google, Continental, Bosch, and CARIAD.

Learn more about security testing

Read our blogLearn More
Read our blog
Download white paperLearn More
Download white paper
Read our blogLearn More
Read our blog