|
By Khaled Yakdan
Software-in-the-loop (SiL) testing is a pivotal method in the software development lifecycle, especially for embedded systems and critical applications. By simulating real-world conditions and integrating software components within a controlled virtual environment, SiL allows for the early detection of bugs, ensuring higher code quality and reliability. Read on to learn how to introduce SiL testing in your project.
|
By Natalia Kazankova
The United States Food and Drug Administration (FDA) is a federal agency within the Department of Health and Human Services. The FDA is responsible for protecting and promoting public health through the control and supervision of medications, vaccines, biopharmaceuticals, medical devices, and other types of products. To ensure the safety and security of medical devices, the FDA supports a variety of standards and guidelines that medical device manufacturers are highly recommended to follow.
|
By Natalia Kazankova
With AI finding adoption throughout all stages of the development process, the SDLC as we know it is becoming a thing of the past. Naturally, this has many implications for the field of software testing. This article will discuss how the SDLC has evolved over time, going into detail on the impact that AI adoption is having on both software development and software testing.
|
By Natalia Kazankova
As AI integrates into every stage of the SDLC, the area of software testing is undergoing transformative and unprecedented changes. In this article, we will discuss the ethical considerations for AI-powered software testing, examining the advantages and potential hurdles generative AI presents as a new technology being applied across the SDLC.
|
By Natalia Kazankova
Static code analysis is widely adopted among organizations for its ability to provide fast feedback loops and identify bugs early in development. However, despite its advantages, numerous bugs and vulnerabilities remain undetected and are only found when they've made their way into production or been caught by late-stage penetration testing. The best security practice involves leveraging both static and dynamic testing, such as fuzz testing.
|
By Natalia Kazankova
As vehicles become increasingly reliant on software, secure and functional Hardware Security Modules (HSMs) are paramount. Unknown vulnerabilities in your automotive software can pose a significant threat to your products and business by putting you at risk of coding errors or insecure configurations, which can be exploited by malicious actors or lead to consequential failures.
|
By Natalia Kazankova
In today's digital and interconnected era, the healthcare sector operates in a landscape of security risks. In 2023 alone, the number of vulnerabilities uncovered in medical devices jumped by 59% to 993 issues. Consequently, the U.S. Food and Drug Administration (FDA), the European Commission, and other governmental agencies have issued cybersecurity guidelines for medical devices. Many of these guidelines advocate for fuzz testing as a means of vulnerability detection.
|
By Code Intelligence
New CI Sense Dashboard Calculates Code Coverage, Number of Findings, and Unit Test Equivalents In Real-Time.
|
By Natalia Kazankova
While unit testing is crucial for improving code quality and reducing later testing time, it consumes at least 15% of developers' time. Developers can utilize automated fuzz tests to allocate more time for developing new features. They replace negative test cases, constituting around 30% of unit tests. In a recent analysis of a Java project using a fuzzing platform, a single fuzz test was equivalent to potentially 309 unit tests, achieving 74% code coverage within just 25 seconds.
|
By Natalia Kazankova
Security testing allows you to evaluate the robustness of applications and systems and identify potential weaknesses that attackers may exploit. DAST and fuzzing are two popular, important, and proven security testing methods.
|
By Code Intelligence
Sergej Dechand, Code Intelligence's CEO, demonstrates how developers can submit new code, which is automatically tested and analyzed for security issues. Sergej explains the process of running tests, assessing findings, and integrating with ticketing systems. You'll also see how to measure code coverage and download reports. It includes all the mentioned use cases with simulating hardware and autogenerated fuzz test setup..
|
By Code Intelligence
CARIAD has been building one unified software platform for all Volkswagen brands to provide them with reliable software and digital best practices. In recent years, CARIAD and the rest of the automotive software sector faced extensive industry regulation and an array of dangerous and costly vulnerabilities. By introducing feedback-based fuzzing, an advanced white-box testing method that uses self-learning AI to uncover deeply hidden bugs and security vulnerabilities, CARIAD was able to find and fix potentially dangerous issues early in the development process.
|
By Code Intelligence
The manual effort required to set up dynamic testing methods such as feedback-based fuzzing, presents a major barrier to adoption to many dev teams. CI Spark obliterates this barrier by automating the most labor-intensive parts of AI-powered white-box testing, which is identifying relevant entry points (e.g., an API that handles user data) and developing tests that are tailored to their structure.
|
By Code Intelligence
In today's fast-paced software environment, third-party code has become irreplaceable. With 96% of codebases containing open-source dependencies, the image is clear: open-source is ubiquitous in the development landscape.
|
By Code Intelligence
In this webinar excerpt, our colleague Peter Samarin demonstrates how our prototype pollution bug detectors were able to uncover a highly severe CVE in the popular JavaScript library protobufjs. This finding puts affected applications at risk of remote code execution and denial of service attacks.
|
By Code Intelligence
Our colleagues Peter Samarin, Norbert Schneider and Fabian Meumertzheim recently built a new bug detector enabling our JavaScript fuzzing engine Jazzer.js to identify Prototype Pollution. This work is now bearing its first fruits: As part of our ongoing collaboration with Google’s OSS-Fuzz, Jazzer.js recently uncovered a new Prototype Pollution vulnerability in protobuf.js (CVE-2023-36665). This finding puts affected applications at risk of remote code execution and denial of service attacks.
|
By Code Intelligence
Learn how AI.powered white-box testing leverages the internal design of the software under test to bugs and vulnerabilities that are off-limits to traditional testing methods.
|
By Code Intelligence
Join us for a weekly chat about all things fuzzing, live demos, Q&A's, and more.
|
By Code Intelligence
Building secure and reliable APIs is an essential and challenging endeavor. Traditional API testing approaches perform blackbox testing and test the application through the network. This is both slow and lacks deep insights into how the tested application handles API requests. Also, it happens late in the software development lifecycle as it requires a complete application deployment.
|
By Code Intelligence
Join us for a weekly chat about all things fuzzing, live demos, Q&A's, and more.
- July 2024 (2)
- June 2024 (1)
- May 2024 (4)
- April 2024 (4)
- March 2024 (3)
- February 2024 (1)
- January 2024 (2)
- December 2023 (1)
- October 2023 (2)
- September 2023 (3)
- August 2023 (4)
- July 2023 (3)
- June 2023 (1)
- May 2023 (2)
- April 2023 (8)
- March 2023 (10)
- February 2023 (8)
- January 2023 (6)
- December 2022 (11)
- November 2022 (14)
- October 2022 (13)
- September 2022 (10)
- August 2022 (2)
- June 2022 (2)
- May 2022 (1)
- April 2022 (1)
- February 2022 (2)
- January 2022 (2)
- December 2021 (9)
Code Intelligence leverages the best of static and dynamic application security technologies, including advanced fuzz testing, to achieve maximum code coverage without false-positives.
Code Intelligence enables companies to simplify their software testing processes. Our solution - the CI Security Suite - enhances security testing efficiency for experts and enables developers without IT security expertise to perform continuous automated security and reliability tests. In this way, the development process can be accelerated and continuous quality management can be realized.
Secure Your Code With Each Pull Request:
- Choose Your Tech Stack: Code Intelligence can be integrated into all your favorite build systems, IDEs, ticket systems, issue trackers, and CI/CD tools.
- Set Up Fuzz Tests in Minutes: Through automated instrumentation and endpoint detection, Code intelligence makes fuzzing as simple as writing Unit Tests. No need to write fuzz targets or test harnesses.
- Scan Applications Continuously: Our platform features runtime error detection, advanced REST and gRPC API tests, and reliable OWASP vulnerability detectors. You can configure Code Intelligence to run security tests every night, or at each pull request.
- Reproduce Your Findings: Our easy-to-use GitHub integration and debugging features enable you to reproduce all findings without false-positives. Each error message comes with detailed input data, stack trace, and log documentation which can be easily shared with the team.
- Prioritize Security Issues: Our user-friendly dashboard classifies bug reports and vulnerabilities based on severity, so you have everything you need to come up with a well-informed decision on how to proceed with a finding. Manage findings directly within in your IDE or feed them straight into your favorite ticketing systems, and issue trackers.
Find, Triage, and Fix Security Issues at Scale .