Code Intelligence

Dec 9, 2022   |  By Josh Grant
All software has bugs, and some can be difficult to find or reproduce. However, not all approaches to bug-finding need to be difficult to use! Fuzzing is an undeniably effective approach to finding security issues and bugs in software projects, however, tools can be complex to set up and execute. CI Fuzz CLI (open-source), automates the parts that make fuzzing complex, giving its users the look and feel of a unit test.
Nov 29, 2022   |  By Code Intelligence
The CI Fuzz CLI Tool Enables Developers to Find and Fix Functional Bugs and Security Vulnerabilities by Dynamically Generating Millions of Unusual Test Inputs.
Nov 29, 2022   |  By Markus Zoppelt
Today, I want to show you a way how to increase the integrity and functionality of your Java applications, with fuzz testing. This awesome testing approach has done me great service for building more secure Java applications, and it's basically as simple as unit testing. In this article, I will share how you can apply fuzz testing to your own code. And the best part: all code examples and tools I will use are 100% open-source.
Nov 24, 2022   |  By Josh Grant
Mock testing, also called mocking, is an integral part of the embedded software development process as it allows you to test your code without relying on actual hardware. This can be extremely helpful when trying to debug your code or test new features. During fuzzing testing, applications are tested using unexpected or invalid inputs. Modern fuzzers generate these inputs based on feedback about the SUT’s interaction with previous test inputs.
Nov 23, 2022   |  By Josh Grant
In software testing, negative testing refers to the practice of feeding a system with unexpected or invalid inputs. Given an input field that accepts numeric values from 0-100, positive tests would assess if the application does what it's supposed to do, given input values such as "1", "2" or "99".
Nov 14, 2022   |  By Josh Grant
Due to increasing connectivity and dependencies, modern embedded applications in many industries including automotive, aviation, and even automated cow brushes (no joke) are constantly growing more complex. This complexity comes with implications for embedded testing tools and requires plenty of manual effort, depending on the toolchain. From an operational perspective, many embedded industries are tightly staffed and work in long cycles with strict deadlines.
Nov 11, 2022   |  By Raghudeep Kannavara
The growing complexity of embedded systems coupled with the advent of increasingly sophisticated security attacks highlights a dire need for advanced automated vulnerability analysis tools. Fuzzing is an effective proven technique to find security-critical issues in systems, often without needing to fully understand the internals of the system under test.
Nov 8, 2022   |  By Jochen Hilgers
Today, I would like to show you to a simplified fuzz testing approach that enables secure coding of C and C++ applications. If you read this article to the end, you will learn about an automated security testing approach for C/C++ that can protect your applications against all sorts of memory corruptions and other common C/C++ vulnerabilities.
Oct 28, 2022   |  By Sergej Dechand
The modern vehicle comes equipped with a variety of software systems. Especially features that connect it to the outside world, such as online updates, fleet management and communication between vehicles, offer attack surface. The security of automotive software is crucial, not only because bug-induced call-backs are costly, but also because the well-being of passengers depends on it.
Oct 26, 2022   |  By Khaled Yakdan
Cross-site scripting has been at the top of the OWASP Top 10 for nearly a decade. In this article, we'll explore everything you need to know about XSS, the associated risks, and countermeasures you can take.
Nov 23, 2022   |  By Code Intelligence
Victor Marginean from Argus Cyber Security will speak about the importance of end-to-end security verification, including fuzzing on SW and real interfaces. He will present how this can be used as a pillar integrated as part of the CI/CD and how it can also be monitored from the Vehicle Security Operating Centers used by OEMs. Victor presented this talk at FuzzCon Europe - Automotive Edition 2022. Learn more about this and more talks at fuzzcon.eu.
Nov 23, 2022   |  By Code Intelligence
In their talk, René Palige and Rosemary Joshy from Continental will share some insights on how they utilized fuzzing to improve overall software quality and how this can be integrated into existing verification and validation processes. They will further describe some of their experiences while applying coverage-guided fuzzing in ongoing automotive projects, what challenges they faced and how they overcame them.
Nov 23, 2022   |  By Code Intelligence
In this talk, Andreas Weichslgartner from CARIAD will show how contemporary software engineering can help to write more secure code and detect vulnerabilities already during development. He will revisit historical vulnerabilities in the automotive space and take a look at common classes of bugs present in embedded software. Using these examples, he will show how modern programming language evolution and tooling can tackle and prevent these issues.
Nov 23, 2022   |  By Code Intelligence
Li Yuekang from NTU Singapore, & Dr. Sheikh Mahbub Habib from Continental present this talk. Software testing typically requires these three steps: Researchers have been focusing on improving the test case generation and execution feedback analysis while the topic of target program execution is under-studied, because executing the target program seems to be an easy task. However, through industry practice, they find that target program execution can be challenging for libraries or IoT software.
Nov 18, 2022   |  By Code Intelligence
FuzzCon Automotive is an uprising application security testing conference, bringing together developers, DevOps Engineers, and security experts to make automotive software more reliable and secure. Stay tuned for details about the speakers, agenda, and more!
Oct 28, 2022   |  By Code Intelligence
What to Expect CI Fuzz CLI is an open-source solution that lets you run feedback-based fuzz tests from your command line. Every developer can use it to find bugs and vulnerabilities with three simple commands. In this live stream, our expert Daniel will: All code examples and tools used are open-source.#c/c++ #fuzzing #security #opensource #automotive
Oct 21, 2022   |  By Code Intelligence
JavaScript is widely used in both backend and frontend applications. Crashes that cause downtime or other security issues are very common in NodeJS packages. Jazzer.js makes it easy for developers to find such edge cases. In this live stream, Norbert will show you how to secure JavaScript applications using the open-source fuzzer Jazzer.js.
Oct 18, 2022   |  By Code Intelligence
In this tutorial, I will show you how to set up and run a fuzz test on a C/C++ application, with the CI Fuzz CLI. The CI Fuzz CLI is an easy-to-use fuzzing tool, that enables you to integrate and run fuzz tests directly from your command line. I chose this tool for this tutorial, on how to set up a fuzz test, as it is particularly user-friendly, and as it allows developers to set up and run a fuzz test with only three commands.
Oct 5, 2022   |  By Code Intelligence
CI Fuzz CLI is an open-source solution that lets you run feedback-based fuzz tests from your command line. Every developer can use it to find bugs and vulnerabilities with three simple commands. In this stream, I will demonstrate: 1) How to cover the current state of fuzz testing 2) How to set up CLI fuzzing within 3 commands 3) How to uncover multiple bugs and severe memory corruption vulnerabilities

Code Intelligence leverages the best of static and dynamic application security technologies, including advanced fuzz testing, to achieve maximum code coverage without false-positives.

Code Intelligence enables companies to simplify their software testing processes. Our solution - the CI Security Suite - enhances security testing efficiency for experts and enables developers without IT security expertise to perform continuous automated security and reliability tests. In this way, the development process can be accelerated and continuous quality management can be realized.

Secure Your Code With Each Pull Request:

  • Choose Your Tech Stack: Code Intelligence can be integrated into all your favorite build systems, IDEs, ticket systems, issue trackers, and CI/CD tools.
  • Set Up Fuzz Tests in Minutes: Through automated instrumentation and endpoint detection, Code intelligence makes fuzzing as simple as writing Unit Tests. No need to write fuzz targets or test harnesses.
  • Scan Applications Continuously: Our platform features runtime error detection, advanced REST and gRPC API tests, and reliable OWASP vulnerability detectors. You can configure Code Intelligence to run security tests every night, or at each pull request.
  • Reproduce Your Findings: Our easy-to-use GitHub integration and debugging features enable you to reproduce all findings without false-positives. Each error message comes with detailed input data, stack trace, and log documentation which can be easily shared with the team.
  • Prioritize Security Issues: Our user-friendly dashboard classifies bug reports and vulnerabilities based on severity, so you have everything you need to come up with a well-informed decision on how to proceed with a finding. Manage findings directly within in your IDE or feed them straight into your favorite ticketing systems, and issue trackers.

Find, Triage, and Fix Security Issues at Scale .