https://www.embedded-world.de/en/ausstellerprodukte/embwld20/product-10224289/ci-fuzz

CI Fuzz is a state-of-the-art security testing software. It offers easy IDE integration that saves developers’ time and effort while drastically improving the stability and reliability of the codebase.

Why Code Intelligence?

Get access to state-of-the-art technology: Feedback-based fuzzing and concolic code execution
Achieve reliable testing results: Almost no false positives due to the combination of dynamic and static analysis
Improve the discovery of vulnerabilities: Higher code coverage
No additional effort: IDE integration helps to define tests while writing the code
Maximize your productivity: Browse and replay the found bugs and fix them more quickly
Test when and where you need it: Fast and reliable source code testing integrates into your CI/CD process

Technical features

Supplements feedback-based fuzzing with concolic execution
Combines several fuzzing engines: AFL++, libFuzzer with -Sanitizers and honggfuzz
Additionally includes classic fuzzing approaches generating patterns such as radamsa
Utilizes grammar-aware fuzzing for structured inputs
Uses a framework similar to Qsym and Driller for concolic execution
Includes, where applicable, APIs and network sockets into testing

Usability

CI Fuzz offers an easy to use interface to apply these advanced technologies. No deep technical knowledge of fuzzing is required. Instead, users just define which functions or interfaces (e.g. network sockets) they want to have tested and our software does the rest.

Our IDE plugin displays which parts of the code have been reached by the fuzzer and visualizes the fuzzing process. Found crashes can also be replayed by starting the IDE’s debugger with the input causing the crash. Alternatively, you can interact with the core software using the command line.

Continuous integration

Code Intelligence software easily integrates into a standard CI / CD workflow such as Jenkins, the fuzz tests are run automatically with each new code change and incidents are reported timely. We also handle special requests for fuzzing on a Kubernetes cluster.

Code Intelligence GmbH enables companies to simplify their software testing processes. Our solution - CI Fuzz - enhances security testing efficiency and enables even developers without IT security expertise to perform continuous automated security and reliability tests. In this way, the development process can be accelerated and a continuous quality management can be realized.

Code Intelligence, headquartered in Bonn, Germany, supports companies such as Bosch, Deutsche Börse and Deutsche Telekom in the efficient and cost-effective use of state-of-the-art application security testing technologies such as coverage-based fuzzing. Visit us at https://code-intelligence.com/.