|
By Natalia Kazankova
Buffer overflows are one of the oldest and most dangerous vulnerabilities in software security. A heap buffer overflow was the second most exploited vulnerability in 2023. Over the years, it has enabled countless attacks, often with severe consequences, such as Cloudbleed in 2017. Despite advances in security practices, buffer overflows continue to pose significant risks, especially in software written in low-level languages like C and C++.
|
By Code Intelligence
AUTOSAR Simulator Enables Automotive Suppliers to Test Complete AUTOSAR Systems for Security Issues and Bugs Without Hardware.
|
By Khaled Yakdan
Testing Classic AUTOSAR applications has long been a significant challenge due to the reliance on hardware-in-the-loop (HiL) setups, which are costly, complex, and hard to scale. Code Intelligence’s new lightweight AUTOSAR simulator revolutionizes this process by enabling entire AUTOSAR applications to run on x86 Linux systems, thus facilitating software-in-the-loop (SiL) testing.
|
By Natalia Kazankova
Eric Brüggemann, the new CEO of Code Intelligence, stepped into the role in September. We asked him about his vision of the role and future of AI and fuzz testing in securing automotive software.
|
By Code Intelligence
Former BCG and Thinkproject Executive to Lead Code Intelligence Through Continued International Expansion.
|
By Khaled Yakdan
Out-of-bounds memory access, also known as buffer overflow, occurs when a program tries to read from or write to a memory location outside the bounds of the memory buffer that has been allocated for it. This type of vulnerability is particularly dangerous because it can lead to various issues, including crashes, data corruption, sensitive data leaks, and even the execution of malicious code.
|
By Natalia Kazankova
Embedded software development presents unique challenges due to its close integration with hardware, strict real-time requirements, and the need for high reliability and safety. The V-Model, also known as the Verification and Validation model, offers a structured approach that effectively addresses these challenges. This blog post delves into the V-Model's intricacies and elucidates how it enhances the testing of embedded software.
|
By Natalia Kazankova
One of the most effective security testing methods for embedded systems is fuzz testing. It’s the fastest way to identify memory corruption errors and their root cause. It enables a shift-left testing approach, recommended by many industry standards, and reaches up to 100% code coverage. Read on for the details.
|
By Khaled Yakdan
Software-in-the-loop (SiL) testing is a pivotal method in the software development lifecycle, especially for embedded systems and critical applications. By simulating real-world conditions and integrating software components within a controlled virtual environment, SiL allows for the early detection of bugs, ensuring higher code quality and reliability. Read on to learn how to introduce SiL testing in your project.
|
By Natalia Kazankova
The United States Food and Drug Administration (FDA) is a federal agency within the Department of Health and Human Services. The FDA is responsible for protecting and promoting public health through the control and supervision of medications, vaccines, biopharmaceuticals, medical devices, and other types of products. To ensure the safety and security of medical devices, the FDA supports a variety of standards and guidelines that medical device manufacturers are highly recommended to follow.
|
By Code Intelligence
About this webinar: Join the webinar to learn and see an in-depth live demo on how you can leverage fuzz testing to detect out-of-bound memory access bugs and similar vulnerabilities in C and C++ projects.
|
By Code Intelligence
The Crowdstrike incident is a recent example of out-of-bounds memory access in C/C++ causing a crash. CrowdStrike reported that problematic content in Channel File 291 triggered an out-of-bounds memory read, leading to a Windows operating system crash (BSOD). Another critical example with the exact root cause is the Heartbleed vulnerability, which affected the OpenSSL library. Remarkably, fuzz testing could identify this issue in less than 10 seconds. Watch the video to see fuzz testing in action.
|
By Code Intelligence
Sergej Dechand, Code Intelligence's CEO, demonstrates how developers can submit new code, which is automatically tested and analyzed for security issues. Sergej explains the process of running tests, assessing findings, and integrating with ticketing systems. You'll also see how to measure code coverage and download reports. It includes all the mentioned use cases with simulating hardware and autogenerated fuzz test setup..
|
By Code Intelligence
CARIAD has been building one unified software platform for all Volkswagen brands to provide them with reliable software and digital best practices. In recent years, CARIAD and the rest of the automotive software sector faced extensive industry regulation and an array of dangerous and costly vulnerabilities. By introducing feedback-based fuzzing, an advanced white-box testing method that uses self-learning AI to uncover deeply hidden bugs and security vulnerabilities, CARIAD was able to find and fix potentially dangerous issues early in the development process.
|
By Code Intelligence
The manual effort required to set up dynamic testing methods such as feedback-based fuzzing, presents a major barrier to adoption to many dev teams. CI Spark obliterates this barrier by automating the most labor-intensive parts of AI-powered white-box testing, which is identifying relevant entry points (e.g., an API that handles user data) and developing tests that are tailored to their structure.
|
By Code Intelligence
In today's fast-paced software environment, third-party code has become irreplaceable. With 96% of codebases containing open-source dependencies, the image is clear: open-source is ubiquitous in the development landscape.
|
By Code Intelligence
In this webinar excerpt, our colleague Peter Samarin demonstrates how our prototype pollution bug detectors were able to uncover a highly severe CVE in the popular JavaScript library protobufjs. This finding puts affected applications at risk of remote code execution and denial of service attacks.
|
By Code Intelligence
Our colleagues Peter Samarin, Norbert Schneider and Fabian Meumertzheim recently built a new bug detector enabling our JavaScript fuzzing engine Jazzer.js to identify Prototype Pollution. This work is now bearing its first fruits: As part of our ongoing collaboration with Google’s OSS-Fuzz, Jazzer.js recently uncovered a new Prototype Pollution vulnerability in protobuf.js (CVE-2023-36665). This finding puts affected applications at risk of remote code execution and denial of service attacks.
|
By Code Intelligence
Learn how AI.powered white-box testing leverages the internal design of the software under test to bugs and vulnerabilities that are off-limits to traditional testing methods.
|
By Code Intelligence
Join us for a weekly chat about all things fuzzing, live demos, Q&A's, and more.
- October 2024 (3)
- September 2024 (3)
- August 2024 (4)
- July 2024 (2)
- June 2024 (1)
- May 2024 (4)
- April 2024 (4)
- March 2024 (3)
- February 2024 (1)
- January 2024 (2)
- December 2023 (1)
- October 2023 (2)
- September 2023 (3)
- August 2023 (4)
- July 2023 (3)
- June 2023 (1)
- May 2023 (2)
- April 2023 (8)
- March 2023 (10)
- February 2023 (8)
- January 2023 (6)
- December 2022 (11)
- November 2022 (14)
- October 2022 (13)
- September 2022 (10)
- August 2022 (2)
- June 2022 (2)
- May 2022 (1)
- April 2022 (1)
- February 2022 (2)
- January 2022 (2)
- December 2021 (9)
Code Intelligence leverages the best of static and dynamic application security technologies, including advanced fuzz testing, to achieve maximum code coverage without false-positives.
Code Intelligence enables companies to simplify their software testing processes. Our solution - the CI Security Suite - enhances security testing efficiency for experts and enables developers without IT security expertise to perform continuous automated security and reliability tests. In this way, the development process can be accelerated and continuous quality management can be realized.
Secure Your Code With Each Pull Request:
- Choose Your Tech Stack: Code Intelligence can be integrated into all your favorite build systems, IDEs, ticket systems, issue trackers, and CI/CD tools.
- Set Up Fuzz Tests in Minutes: Through automated instrumentation and endpoint detection, Code intelligence makes fuzzing as simple as writing Unit Tests. No need to write fuzz targets or test harnesses.
- Scan Applications Continuously: Our platform features runtime error detection, advanced REST and gRPC API tests, and reliable OWASP vulnerability detectors. You can configure Code Intelligence to run security tests every night, or at each pull request.
- Reproduce Your Findings: Our easy-to-use GitHub integration and debugging features enable you to reproduce all findings without false-positives. Each error message comes with detailed input data, stack trace, and log documentation which can be easily shared with the team.
- Prioritize Security Issues: Our user-friendly dashboard classifies bug reports and vulnerabilities based on severity, so you have everything you need to come up with a well-informed decision on how to proceed with a finding. Manage findings directly within in your IDE or feed them straight into your favorite ticketing systems, and issue trackers.
Find, Triage, and Fix Security Issues at Scale .