Code Intelligence Unveils Simple Open-Source Tool
to Automatically Test Java Applications
for Unexpected Behaviors
The CI Fuzz Tool Enables Developers to Find and Fix Functional Bugs and Security Vulnerabilities by Dynamically Generating Millions of Unusual Test Inputs
Bonn, Germany — November 29, 2022 — Code Intelligence today announced that its open-source Command-Line Interface (CLI) tool, CI Fuzz, now allows Java developers to easily incorporate fuzz testing into their existing JUnit setup in order to find functional bugs and security vulnerabilities at scale. CI Fuzz leverages genetic and evolutionary algorithms as well as automated instrumentation to dynamically generate millions of unusual inputs to test applications for unexpected behaviors that may lead to serious vulnerabilities, such as remote code execution (as in Log4Shell), crashes or Denial of Service (DoS).
How to trigger bugs and security issues in Java applications with the CI Fuzz
https://www.youtube.com/watch?v=jPzi-imKWMg
Fuzz testing, which can be seen as a complementary approach to unit testing, is gaining popularity in the open-source community. Google’s Open-Source-Security (OSS) team recently reported that more than 40,500 bugs in 650 open-source projects have been detected through fuzz testing. However, fuzz testing remains new to most developers outside the OSS and security community. A recent study among Golang developers indicates that less than 12% of all participants use fuzz testing at work, citing a lack of understanding as well as challenges with implementation as key reasons for low adoption.
Code Intelligence's new open-source tool aims to tackle these challenges by making fuzz testing accessible and usable for all developers directly from their command line or IDE. By introducing new fuzzing capabilities for Java, CI Fuzz enables continuous application security testing directly in the CI/CD process. This is especially valuable to companies with cloud-based products and services who want to develop a mature DevSecOps pipeline.
“With the CI Fuzz, Java developers can now improve the overall security and robustness of their applications with confidence and ease. It takes just three commands to set up and run a fuzz test. The tool comes with ready-to-use integrations for Maven, Gradle, and Bazel. With a JUnit setup in place, developers can even run fuzz tests directly from their IDE,” said Werner Krahe, Product Director at Code Intelligence. “If you’re completely new to fuzzing, I recommend starting with a simple test setup. Use your pre-existing unit tests as a template to run local fuzz tests on small libraries and utils. After a while, you could take it further and apply it to more complex testing setups. Ultimately, fuzz testing will provide the best results when running continuously in your CI/CD.”
“Code Intelligence helps developers ship secure software by providing the necessary integrations to test their code at each pull request, without ever having to leave their favorite environment. It’s like having an automated security expert always by your side,” said Thomas Dohmke, the CEO of GitHub.
Join the Livestream on December 8, 2022
As part of an ongoing effort to educate and support developers to ship secure code, Code Intelligence will broadcast a live stream on December 8, 2022, at 4 pm Central European Time (CET), on the topic of “Beyond Unit Testing: How to Uncover Blind Spots in Your Java Code with Fuzzing”. Save the date:
https://www.code-intelligence.com/webinar/beyond-unit-testing
About Code Intelligence
Founded in 2018 by Sergej Dechand, Khaled Yakdan, and Matthew Smith, Code Intelligence offers an automated software security platform that helps developers ship more secure code. The startup has raised $15.7 from Tola Capital, HTGF, Thomas Dohmke (CEO of GitHub), and others. Code Intelligence is trusted by Google, Deutsche Telekom, Bosch, and CARIAD, among others.
About CI Fuzz
The CI Fuzz is an easy-to-use fuzzing tool developed by Code Intelligence that allows developers to set up and run fuzz tests directly from the command line. The security tool supports Linux, macOS and Windows for multiple programming languages, build systems, and testing frameworks such as JUnit. For more information on the CI Fuzz, please visit: https://www.code-intelligence.com/cli-tool
About Fuzz Testing
Fuzz testing is a dynamic testing method for finding functional bugs and security issues in software. During a fuzz test, a program or function under test gets executed with invalid, unexpected, or random inputs to uncover unlikely or unexpected edge cases. Learn more: What is Fuzz Testing?
Media Kit
https://www.code-intelligence.com/press