Code Intelligence

Remote Code Execution Vulnerability Discovered in HSQLDB

19.10.2022 - As part of our ongoing effort to improve our vulnerability detectors, we continuously test various open-source projects with Jazzer within OSS-Fuzz. In this case, a test run yielded a severe finding: a potential remote code execution in HSQLDB (CVE-2022-41853).

How to Set Up a Fuzz Test in 6 Easy Steps

In this tutorial, I will show you how to set up and run a fuzz test on a C/C++ application with the CI Fuzz CLI. The CI Fuzz CLI is an easy-to-use fuzzing tool that enables you to integrate and run fuzz tests directly from your command line. I chose this tool for this tutorial because it is particularly user-friendly and allows developers to set up and run a fuzz test with only three commands.

The 6 Biggest Challenges of REST API Testing

Securing REST APIs is particularly difficult since they are highly interconnected and not designed for manual access. To save time and be more efficient, many developers rely on testing solutions that can automatically detect REST API endpoints and test parameter properties within them. In this article, I want to provide an overview of the 6 biggest challenges of REST API security testing and how test automation can help resolve them.

How to Find Arbitrary Code Execution Vulnerabilities with Fuzzing

Remember Log4j? Arbitrary code execution bugs are more common than you think, even in memory-safe languages, like Java. Learn how to find these vulnerabilities with fuzzing. Arbitrary code execution vulnerabilities represent one of the most dangerous classes of vulnerabilities in Java applications. Incidents such as Log4Shell clearly demonstrate the impact of these security issues, even in memory-safe languages. They also show that fuzzing can be very effective in finding these vulnerabilities.

Uncovering Hidden Bugs and Vulnerabilities in C/C++ | How to Fuzz Your Code With 3 Commands

CI Fuzz CLI is an open-source solution that lets you run feedback-based fuzz tests from your command line. Every developer can use it to find bugs and vulnerabilities with three simple commands. In this stream, I will demonstrate: 1) How to cover the current state of fuzz testing 2) How to set up CLI fuzzing within 3 commands 3) How to uncover multiple bugs and severe memory corruption vulnerabilities

How to Fuzz Your Code With 3 Commands | Finding Hidden Bugs in C/C++

CI Fuzz CLI is an open-source solution that lets you run feedback-based fuzz tests from your command line. Every developer can use it to find bugs and vulnerabilities with three simple commands. In this stream, our expert Jochen will cover the current state of fuzz testing, set up CLI fuzzing within 3 commands, and uncover multiple bugs and severe memory corruption vulnerabilities. All code examples and tools used are open-source.

Fuzz Testing Automotive Software With Dependencies

The new ISO/SAE 21434 increases the requirement for security testing in the automotive domain. Car manufacturers must now provide advanced security tests for each software component as part of the validation process. This includes penetration testing, vulnerability scanning and/or fuzz testing. The early adoption of fuzz testing in particular is currently becoming best practice among German car manufacturers.

Fuzzing Web Services | How to Automate Security Testing for Web Applications

Due to their high degree of interconnectivity, web applications are often difficult to secure. In this coding session, Simon Resch demonstrates an approach that allows you to simplify and automate your web application testing using modern fuzzing techniques.