Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Code Intelligence

code intelligence

Expression DoS Vulnerability Found in Spring - CVE-2023-20861

As part of our efforts to improve the security of open-source software, we continuously test open-source projects with our JVM fuzzing engine Jazzer in Google’s OSS-Fuzz. One of our tests yielded a Denial of Service vulnerability in the Spring Framework (CVE-2023-20861). Spring is one of the most widely used frameworks for developing web applications in Java. As a result, vulnerabilities have an amplified impact on all applications that rely on the vulnerable version.

code intelligence

11 Tips for Unit Testing in Java

Unit testing is an important part of software development and is considered a crucial step in ensuring the quality and accuracy of the code. It helps in identifying bugs and issues early on in the development cycle, which ultimately results in delivering high-quality software. Java is renowned for being one of the most versatile languages in programming, and it offers a wide selection of unit testing frameworks and tools.

CI Rewind - Introduction to JavaScript Fuzzing

JavaScript is widely used in backend and frontend applications that rely on trust and good user experience, including e-commerce platforms, and consumer-apps. Fuzz testing helps secure these applications against bugs and vulnerabilities that cause downtime and other security issues, such as Crashes, Denial-of-Service (DoS) and Uncaught Exceptions. In this session, you will learn about.

Fuzzing in Jest - One Unified Workflow for Functional and Security Testing

In this coding session, fuzzing expert Josh Grant will demo how the integration of Jazzer.js into Jest enables a unified workflow for functional and security testing in JavaScript. All with the familiar look and feel of a unit test.

Code Intelligence Integrates with Jest to Enable Developers to Test JavaScript for Vulnerabilities

Developers who run unit tests in Jest can now test their JavaScript applications for bugs and security vulnerabilities, including remote code execution, cross-site scripting, and injections.
code intelligence

How CI/CD-Integrated Fuzzing Improves Automotive Software Security

As vehicles are becoming increasingly dependent on software, automotive software teams are adopting CI/CD (continuous integration and continuous deployment/delivery). This enables them to build, test, and deploy code faster than ever while simultaneously reducing potential maintenance costs. In automotive projects, functional and security bugs can be highly consequential, especially if they are found in the later stages of software development or, even worse, after shipping.

code intelligence

How to Fuzz JavaScript with Jest and Jazzer.js

In this post, we will show how you can write fuzz tests for your JavaScript projects in Jest as easily as regular unit tests. To make this possible, we have added integration for Jazzer.js into Jest, which enables you to write fuzz tests using the familiar Jest API. Additionally, you get great IDE support with features such as debugging and test coverage reporting out-of-the-box. This integration enables a smooth user experience with the advanced fuzzing technology provided by Jazzer.js.

Automated Fuzzing | How You Can Find the Log4j Vulnerability in Less Than 10 Minutes

While most developers rely on unit testing to test whether their application behaves as expected, complementary testing approaches such as automated fuzz testing can enable them to also check their applications for unexpected or strange behaviors that could lead to crashes and make them vulnerable to Denial of Service (Dos) attacks or Zero-Day exploits, or Remote Code Execution (RCE) attacks such as the recent Log4j vulnerability.