Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest Videos

How Code Coverage Helped Me Find 3 SQL Injections

For web applications with a login, it is kind of obvious that you cannot achieve a high coverage without logging in. Any experienced tester would be able to recognize this immediately. And even for blackbox scans, most developers would use a login to improve their code coverage.

My New Year's Resolution As A Java Dev | Code Intelligence

Join me on a journey to improve Java development skills and learn about a new software testing approach called fuzz testing. In this series, I'll share my experiences using fuzz testing tools like CI Fuzz, OWASP Zap, OSS-Fuzz, and Jazzer to hunt for bugs and vulnerabilities in Java software. I'll also delve into the world of CVE hunting and best practices for uncovering common web vulnerabilities like Denial of Service and Remote Code Execution. Subscribe to stay updated on new episodes and get access to helpful links, tools, and blog posts. Let's improve our Java skills together!

Effective Unit Testing for Java Applications: Common Challenges and Solutions | Code Intelligence

In this video, I discuss the challenges of managing dependencies and libraries in Java software development projects and the importance of running unit tests. However, I also dig deeper into the limitations of unit tests and the importance of supplementing them with other forms of testing. In the second part of the video, I introduce fuzz testing as a complementary approach to unit testing and give an example of how I was able to replicate a Remote Code Execution CVE in HyperSQL within just a few minutes, using an open-source fuzz testing tool, called CI Fuzz CLI.

How to Find Bugs In Java at Scale With CI Fuzz CLI and JUnit | Code Intelligence

In this video, I demonstrate how to use CI Fuzz CLI, a simple and easy-to-use fuzz testing tool, to find unexpected bugs and vulnerabilities in Java software. I walk through the process of setting up and running a fuzz test, including creating a configuration file, adding dependencies to a Maven project, and writing JUnit-compatible fuzz tests. If you're interested in learning more about fuzz testing as a complementary approach to unit testing, this video is for you.

Going Beyond Unit Testing | How to Uncover Blind Spots in your Java Code with Fuzzing

Check out to try out the tool for yourself! While most Java developers already use unit testing to test whether their application behaves as expected, complementary testing approaches such as fuzz testing enable them to also check their applications for unexpected or strange behaviors that could lead to crashes and make them vulnerable to Denial of Service (Dos) attacks or Zero-Day exploits.

Uncovering Hidden Bugs and Vulnerabilities in C/C++ | How to Fuzz Your Code With 3 Commands

CI Fuzz CLI is an open-source solution that lets you run feedback-based fuzz tests from your command line. Every developer can use it to find bugs and vulnerabilities with three simple commands. In this stream, I will demonstrate: 1) How to cover the current state of fuzz testing 2) How to set up CLI fuzzing within 3 commands 3) How to uncover multiple bugs and severe memory corruption vulnerabilities