In recent years, the Code Intelligence project has explored high-precision, easy-to-understand approaches to identifying vulnerabilities in source code. This work confirmed that fuzzing is the technique that has found the most critical security vulnerabilities in recent years.
As useful as fuzzing is for uncovering bugs in software, setting it up and using it properly is time-consuming and requires highly qualified IT security experts. So far, fuzzing has only found its way into the QM processes of big players like Microsoft and Google. To enable you to benefit from fuzzing, Code Intelligence has developed the CI Security Suite.
CI Security Suite
The CI Security Suite helps you integrate fuzzing into your QM process. With the help of fuzzing, critical vulnerabilities and crashes are detected without false positives. This software solution allows developers without software testing expertise to detect and close security vulnerabilities in the software code before they lead to unauthorized access and data loss. The CI Security Suite is a preventive way to ensure security and quality in software code. It is designed to support companies from the beginning of software code development through to regular quality assurance checks.
Yakdan, Khaled, et al. “No More Gotos: Decompilation Using Pattern-Independent Control-Flow Structuring and Semantic-Preserving Transformations.” NDSS. 2015. Distinguished Paper Award.
Yakdan, Khaled, et al. “Helping Johnny to Analyze Malware: A Usability-Optimized Decompiler and Malware Analysis User Study.” Security and Privacy (SP), 2016 IEEE Symposium on. IEEE, 2016.
Perl, Henning, et al. “VCCFinder: Finding potential vulnerabilities in open-source projects to assist code audits.” Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. ACM, 2015.