Code Intelligence

  |  By Natalia Kazankova
In the domain of software testing and security analysis, fuzzing has emerged as a powerful technique for uncovering vulnerabilities and enhancing the resilience of software systems. Microsoft and Google have been using fuzzing for ages. They were early adopters of fuzzing technologies to test their own systems. Since launching in 2016, Google's OSS-Fuzz, a free fuzzing platform for critical open-source projects, has helped fix over 8,800 vulnerabilities and 28,000 bugs across 850 projects.
  |  By Antonio Mimmo
In 2023, cyber threats increased and diversified, resulting in increased security challenges for organizations around the globe. Meanwhile, AI greatly increased its presence in the realm of cybersecurity, both negatively and positively. 2024 is going to be a year in which advanced AI tools and complex social engineering tactics will further alter the cybersecurity game. In this article, we will focus on the most important cybersecurity threats in 2024.
  |  By Sergej Dechand
Most modern vehicles are equipped with a variety of software systems and resemble sophisticated computers on wheels. The ISO/SAE 21434 standard is a framework that provides recommendations and requirements for secure software development in the automotive industry. But what is ISO 21434 exactly? And what can we expect from automotive software security in 2024? Read on and find out!
  |  By Josh Grant
In 2023, cyberthreats increased and diversified, resulting in increased security challenges for organizations around the globe. Meanwhile, AI greatly increased its presence in the realm of cybersecurity. It’s time to look ahead and focus on the anticipated cybersecurity threats and trends in 2024. What can we expect from threat actors and security specialists in the upcoming year? Read on and find out!
  |  By Sergej Dechand
We live in a world that depends on embedded software. It’s in the cars we drive, the elevators we use and the planes we travel in. As these systems become increasingly complex, the security and functionality of embedded software systems is becoming integral to software development. However, due to the nature of embedded systems, many traditional testing methods fall short of providing adequate security for them.
  |  By Sergej Dechand
The automotive industry constantly evolves, particularly in software development. From electronic control units and hardware security modules to advanced driver-assistance systems (ADAS), the complexity and functionality of automotive software have increased exponentially. This has opened new frontiers in efficiency, safety, and user experience but also introduced significant security threats.
  |  By Alexander Thiam
The impact of AI tools on software development is starting to make itself felt. As the productivity of developers increases, so does the necessity for software testing. Luckily, AI is also seeing increasing adoption in testing, enabling dev teams to ensure robust and secure software despite increasing output. In this in-depth guide, we will explore the top 18 AI testing tools in 2023 that have the potential to take your testing processes to the next level. Overview.
  |  By Code Intelligence
CI Spark Combines LLMs and Self-Learning AI to Power the Next Generation of Software Testing.
  |  By Khaled Yakdan
Finding deeply hidden and unexpected vulnerabilities early in the development process is key. However, time to invest in proactive tests is limited. Prioritizing speed over security is common. Our new AI-assistant CI Spark closes this gap and enables both speed and security. CI Spark makes use of LLMs to automatically identify attack surfaces and to suggest test code. Tests generated by CI Spark work like a unit test that automatically generates thousands of test cases.
  |  By Roman Wagner
The maintainers have already released an update fixing the issue. Versions before 0.7.5 are affected and thus vulnerable to Prototype Pollution. We strongly recommend that impacted users upgrade to the newer version that includes the fixes, i.e., version 0.7.5 and above.We have found a new Prototype Pollution vulnerability in the JavaScript package tree-kit in all versions before 0.7.5. The maintainer of tree-kit has released an update that fixed the issue on 21 July 2023.
  |  By Code Intelligence
Sergej Dechand, Code Intelligence's CEO, demonstrates how developers can submit new code, which is automatically tested and analyzed for security issues. Sergej explains the process of running tests, assessing findings, and integrating with ticketing systems. You'll also see how to measure code coverage and download reports. It includes all the mentioned use cases with simulating hardware and autogenerated fuzz test setup..
  |  By Code Intelligence
CARIAD has been building one unified software platform for all Volkswagen brands to provide them with reliable software and digital best practices. In recent years, CARIAD and the rest of the automotive software sector faced extensive industry regulation and an array of dangerous and costly vulnerabilities. By introducing feedback-based fuzzing, an advanced white-box testing method that uses self-learning AI to uncover deeply hidden bugs and security vulnerabilities, CARIAD was able to find and fix potentially dangerous issues early in the development process.
  |  By Code Intelligence
The manual effort required to set up dynamic testing methods such as feedback-based fuzzing, presents a major barrier to adoption to many dev teams. CI Spark obliterates this barrier by automating the most labor-intensive parts of AI-powered white-box testing, which is identifying relevant entry points (e.g., an API that handles user data) and developing tests that are tailored to their structure.
  |  By Code Intelligence
In today's fast-paced software environment, third-party code has become irreplaceable. With 96% of codebases containing open-source dependencies, the image is clear: open-source is ubiquitous in the development landscape.
  |  By Code Intelligence
In this webinar excerpt, our colleague Peter Samarin demonstrates how our prototype pollution bug detectors were able to uncover a highly severe CVE in the popular JavaScript library protobufjs. This finding puts affected applications at risk of remote code execution and denial of service attacks.
  |  By Code Intelligence
Our colleagues Peter Samarin, Norbert Schneider and Fabian Meumertzheim recently built a new bug detector enabling our JavaScript fuzzing engine Jazzer.js to identify Prototype Pollution. This work is now bearing its first fruits: As part of our ongoing collaboration with Google’s OSS-Fuzz, Jazzer.js recently uncovered a new Prototype Pollution vulnerability in protobuf.js (CVE-2023-36665). This finding puts affected applications at risk of remote code execution and denial of service attacks.
  |  By Code Intelligence
Learn how AI.powered white-box testing leverages the internal design of the software under test to bugs and vulnerabilities that are off-limits to traditional testing methods.
  |  By Code Intelligence
Join us for a weekly chat about all things fuzzing, live demos, Q&A's, and more.
  |  By Code Intelligence
Building secure and reliable APIs is an essential and challenging endeavor. Traditional API testing approaches perform blackbox testing and test the application through the network. This is both slow and lacks deep insights into how the tested application handles API requests. Also, it happens late in the software development lifecycle as it requires a complete application deployment.
  |  By Code Intelligence
Join us for a weekly chat about all things fuzzing, live demos, Q&A's, and more.

Code Intelligence leverages the best of static and dynamic application security technologies, including advanced fuzz testing, to achieve maximum code coverage without false-positives.

Code Intelligence enables companies to simplify their software testing processes. Our solution - the CI Security Suite - enhances security testing efficiency for experts and enables developers without IT security expertise to perform continuous automated security and reliability tests. In this way, the development process can be accelerated and continuous quality management can be realized.

Secure Your Code With Each Pull Request:

  • Choose Your Tech Stack: Code Intelligence can be integrated into all your favorite build systems, IDEs, ticket systems, issue trackers, and CI/CD tools.
  • Set Up Fuzz Tests in Minutes: Through automated instrumentation and endpoint detection, Code intelligence makes fuzzing as simple as writing Unit Tests. No need to write fuzz targets or test harnesses.
  • Scan Applications Continuously: Our platform features runtime error detection, advanced REST and gRPC API tests, and reliable OWASP vulnerability detectors. You can configure Code Intelligence to run security tests every night, or at each pull request.
  • Reproduce Your Findings: Our easy-to-use GitHub integration and debugging features enable you to reproduce all findings without false-positives. Each error message comes with detailed input data, stack trace, and log documentation which can be easily shared with the team.
  • Prioritize Security Issues: Our user-friendly dashboard classifies bug reports and vulnerabilities based on severity, so you have everything you need to come up with a well-informed decision on how to proceed with a finding. Manage findings directly within in your IDE or feed them straight into your favorite ticketing systems, and issue trackers.

Find, Triage, and Fix Security Issues at Scale .