Skip to content

AI-powered security testing for embedded software

Uncover edge-case bugs and critical vulnerabilities with every code change in C/C++ projects. Enable developers to reproduce and fix issues in minutes, not weeks.
TRUSTED BY
GoogleDeutsche TelekomBoschSecunetContinentalCariadETAS

The Application Security Testing Platform by Code Intelligence

Code Intelligence enables early security testing for embedded software without hardware dependencies. It leverages AI-driven white-box fuzz testing to detect critical bugs and vulnerabilities early in the development process. Every uncovered bug comes with concrete proof—a triggering test case, inputs, and a precise code line where the bug is hidden. Thus, developers can identify the root cause in minutes and fix bugs quickly. 


Discover more hidden bugs and vulnerabilities with every code change.

Code Intelligence empowers your team to uncover latent functional bugs, robustness issues, such as
OWASP vulnerabilities, and memory corruption within your current test environment.
  • Unit & Integration Tests
  • API Tests
  • Deep Bugs
  • Functional Tests
  • C/C++
// This is the code you want to test
public static String getUser(String id) {
  // SECURITY ISSUE: vulnerable to log4Shell (CVE-2021-44228)
  log.info("Request: user with ID " + id);
  
  Statement stmt = conn.createStatement();
  // SECURITY ISSUE: vulnerable to SQL injection!
  ResultSet rs = stmt.executeQuery("SELECT * FROM users WHERE id = '" + id + "'");
  // handle results
}

// This is the test you write
@FuzzTest
void testGetUser(String generatedId) {
  // Call your method with AI-generated inputs.
  User.getUser(generatedId);
}
  • Terminal
$ cifuzz run com.example.MyFuzzTest
Results: found 2 issues and reached 91% code coverage
* Critical Security Issue: Remote Code Execution in getUser (com.example.User:4)
* Critical Security Issue: SQL Injection in getUser (com.example.User:8)
// This is the code you want to test
char* getUser(const char* id, size_t id_size) {
  char* user_buffer = (char*) malloc(MAX_USER_LENGTH); 
  // SECURITY ISSUE: buffer overflow!
  memcpy(user_buffer, id, id_size);
  // finish constructing the user buffer
}

// This is the test you write
FUZZ_TEST(const char* data, size_t size) {
  // Call your function with AI-generated inputs.
  getUser(data, size);
}
  • Terminal
$ cifuzz run com.example.MyFuzzTest
Results: found 1 issues and reached 86% code coverage
* Critical Security Issue: Heap Buffer Overflow in getUser (src/user.cpp:5:2)
To assess the issues, check your project on CI Sense
// This is the code you want to test
function getUser(id) {
  // SECURITY ISSUE: vulnerable to command injection!
  const result = execSync(`id -nu ${id}`);
  // handle error and return result
}

// This is the test you write
describe("Test the getUser function", () => {
  it.fuzz("with AI-generated inputs", (data) => {
    getUser(data);
  });
});
  • Terminal
$ cifuzz run com.example.MyFuzzTest
Results: found 1 issues and reached 74% code coverage
* Critical Security Issue: Command Injection in getUser (user/user.js:4:2)
To assess the issues, check your project on CI Sense
  • C/C++
// This is the code you want to test
@SpringBootApplication
@RestController
class MyApplication {

  @GetMapping("/user")
  public String getUser(@RequestParam() String id) {
    Statement stmt = conn.createStatement();
    // SECURITY ISSUE: vulnerable to SQL injection!
    ResultSet rs = stmt.executeQuery("SELECT * FROM users WHERE id = '" + id + "'");
    // handle results
  }
}

// This is the test you write
@FuzzTest
public void testUserEndpoint(String generatedId) throws Exception {
  // Call your API endpoint with AI-generated inputs.
  mockMvc.perform(get("/user").param("id", generatedId));
}
  • Terminal
$ cifuzz run com.example.MyFuzzTest
Results: found 1 issues and reached 86% code coverage
* Critical Security Issue: SQL Injection in Get User endpoint (com.example.MyApplication:10)
// This is the code you want to test
int getUser(struct Connection *conn, const char *id) {
  sprintf(query, "SELECT * FROM users WHERE id ='%s'", id);
  char *zErrMsg = nullptr;
  
  // SECURITY ISSUE: vulnerable to SQL injection!
  sqlite3_exec(db, query, nullptr, nullptr, &zErrMsg);
  // handle query results
}

// This is the test you write
FUZZ_TEST(const uint8_t *data, size_t size) {
  // Call your API endpoint with AI-generated inputs.
  Client *client = connect_to_server(ip, port);
  client->send_request("GET /user/%s HTTP/1.0", data);
}
  • Terminal
$ cifuzz run com.example.MyFuzzTest
Results: found 1 issues and reached 76% code coverage
* Critical Security Issue: SQL Injection in the Get User API endpoint (src/user.cpp:7:2)
To assess the issues, check your project on CI Sense
// This is the code you want to test
const app = require('express')();
app.get("/user", (request, response) => {
  const id = request.query.id;
  const query = `SELECT * FROM users WHERE id = ${id}`;
  // SECURITY ISSUE: vulnerable to SQL injection!
  connection.query(query, (error, results, fields) => {
    // handle results
  });
});

// This is the test you write
const request = require("supertest");
describe("Test the Get User API Endpoint", () => {
  it.fuzz("with AI-generated inputs", async (generatedId) => {
    const response = await request(app).get("/user").query({ id: generatedId });
  });
});
  • Terminal
$ cifuzz run com.example.MyFuzzTest
Results: found 1 issues and reached 76% code coverage
* Critical Security Issue: SQL Injection in the Get User API endpoint (user/user.go:6)
To assess the issues, check your project on CI Sense
  • C/C++
// This is the code you want to test
public static String getUser(String id) {
  if (id.startsWith("admin:")) {
    Statement stmt = conn.createStatement();
    // SECURITY ISSUE: vulnerable to SQL injection!
    ResultSet rs = stmt.executeQuery("SELECT * FROM admins WHERE id = '" + id + "'");
    // handle results
  }
  // Handle non-admin users.
}

// This is the test you write
@FuzzTest
void testGetUser(String generatedId) {
  // Call your method with AI-generated inputs.
  User.getUser(generatedId);
}
  • Terminal
$ cifuzz run com.example.MyFuzzTest
Results: found 2 issues and reached 91% code coverage
* Critical Security Issue: SQL Injection in getUser (com.example.User:6)
// This is the code you want to test
char* getUser(const char* id, size_t id_size) {
  char* user_buffer = (char*) malloc(MAX_USER_LENGTH);
  
  if (id_size >= 6 && strncmp("admin:", id, id_size) == 0) {
    // SECURITY ISSUE: vulnerable to heap buffer overflow!
    memcpy(user_buffer, id, id_size);
  
    // finish constructing the user buffer
  }
}

// This is the test you write
FUZZ_TEST(const char* data, size_t size) {
  // Call your function with AI-generated inputs.
  getUser(data, size);
}
  • Terminal
$ cifuzz run com.example.MyFuzzTest
Results: found 1 issues and reached 63% code coverage
* Critical Security Issue: Heap Buffer Overflow in getUser (src/user.cpp:7:4)
To assess the issues, check your project on CI Sense
// This is the code you want to test
function getUser(id) {
  if (id.startsWith("admin:")) {
    const query = `SELECT * FROM admins WHERE id = ${id}`;
    // SECURITY ISSUE: vulnerable to SQL injection!
    connection.query(query, (error, results, fields) => {
      // handle results
    });
  }
}

// This is the test you write
describe("Test the getUser function", () => {
  it.fuzz("with AI-generated inputs", (data) => {
    getUser(data);
  });
});
  • Terminal
$ cifuzz run com.example.MyFuzzTest
Results: found 1 issue and reached 93% code coverage
* Critical Security Issue: SQL Injection in getUser (user/user.js:6:4)
To assess the issues, check your project on CI Sense
  • C/C++
// This is the code you want to test
public static String sanitize(String userInput) {
  // logic to remove all HTML tags from user input
}

// This is the test you write
@FuzzTest
void testSanitize(String generatedInput) {
  // Call your method with AI-generated inputs.
  String sanitizedInput = User.sanitize(generatedInput);
  assertFalse("Result contains unwanted string", sanitizedInput.contains("</script"))
}
  • Terminal
$ cifuzz run com.example.MyFuzzTest
Results: found 1 issue and reached 61% code coverage
* Assertion Failure: Result contains unwanted string (com.example.SanitizerTest)
// This is the code you want to test
std::string sanitize(const std::string& userInput) {
  // logic to remove all HTML tags from user input
}

// This is the test you write
FUZZ_TEST(const char*data, size_t size) {
  // Call your function with AI-generated inputs.
  std::string input(data, size);
  std::string sanitizedInput = sanitize(input);
  assert(sanitizedInput.contains("</script"), "Result contains unwanted string")
}
  • Terminal
$ cifuzz run com.example.MyFuzzTest
Results: found 1 issue and reached 61% code coverage
* Assertion Failure: Result contains unwanted string (src/sanitize_test.cpp)
To assess the issues, check your project on CI Sense
// This is the code you want to test
function sanitize(userInput) {
  // logic to remove all HTML tags from user input
}

// This is the test you write
describe("Test the sanitize function", () => {
  it.fuzz("with AI-generated inputs", (input) => {
    const sanitizedInput = sanitize(input)
    expect(
      sanitizedInput.includes("</script"), 
      "Result contains unwanted string"
    ).toBeFalsy();
  });
});
  • Terminal
$ cifuzz run com.example.MyFuzzTest
Results: found 1 issue and reached 76% code coverage
* Test Failure: Result contains unwanted string (sanitizer/sanitize_test.js)
To assess the issues, check your project on CI Sense

Find hidden bugs in your software. It can be at the unit, API or service level. If you have a unit test: You are ready to go.

Protect Your Development Process at Every Stage.

Code Intelligence integration is a critical aspect of modern software development, enhancing the overall security and efficiency of the development process.

By seamlessly integrating Code Intelligence into various aspects of your workflow, you can ensure that your code is robust and secure from the earliest stages of development to deployment.

Logos

Logos - mobile

Protect Your Development Process at Every Stage.

Code Intelligence integration is a critical aspect of modern software development, enhancing the overall security and efficiency of the development process.

By seamlessly integrating Code Intelligence into various aspects of your workflow, you can ensure that your code is robust and secure from the earliest stages of development to deployment.


Build better software with Code Intelligence.

Welcome to Code Intelligence - where software excellence meets security seamlessly. 
Our AI-powered application security testing platform is designed to empower your entire development team, from engineers and leads to security managers. Explore the key values that make Code Intelligence the go-to solution for delivering exceptional code, optimizing development workflows, and ensuring robust security and compliance throughout your software development journey.
ShiftLeftTesting-225 Efficiency and Excellence
Unlock the power of AI to streamline your development process. Code Intelligence allows you to deliver great software with minimal effort, providing comprehensive testing and uncovering latent bugs and vulnerabilities with each code change.

Workflow-225 Optimized Workflow
Integrate Code Intelligence into your workflow to enhance overall security and efficiency. Our platform becomes an integral part of your development process, supporting you from the earliest stages of coding to deployment, ensuring your team can focus on solving business problems.
Robustness-225 Robustness with Minimal Risk
Build robust software with Code Intelligence’s effective code coverage and automation of test case creation. Our platform ensures your code is thoroughly examined for edge-case bugs and vulnerabilities, reassuring security managers that they are complying with industry standards.
Speed-225 Speed with Confidence
Accelerate your testing processes without compromising on security. Code Intelligence’s CI/CD integration ensures continuous testing at every code change, identifying and resolving issues long before production. Deliver value to your customers fast while mitigating business risks.
Explore the synergy of dynamic testing, self-learning AI, and industry recognition to exceed today’s quality and security requirements. Book a demo and see how Code Intelligence will empower your team to deliver secure, reliable, and exceptional software.

Accelerate your testing processes.

Equip your development and security teams to automate test case creation more efficiently.

Explore the synergy of dynamic testing and self-learning AI to enhance your testing process. Our Code Intelligence (CI) technology extends test coverage by learning from your application's behavior and previous test runs, automating test case generation for unexplored paths. This allows you to autogenerate test cases much quicker and more efficient.

Maze

Accelerate your testing processes.

Equip your development and security teams to automate test case creation more efficiently.

Maze

Explore the synergy of dynamic testing and self-learning AI to enhance your testing process. Our Code Intelligence (CI) technology extends test coverage by learning from your application's behavior and previous test runs, automating test case generation for unexplored paths. This allows you to autogenerate test cases much quicker and more efficient.


Resolve issues.
Long before they make it into the codebase.

Make sure that optimizing your pipeline to maximum performance comes at no cost to your software’s integrity. With Code Intelligence’s CI/CD integration, your software will automatically be tested at each code change so that regressions and other release blockers are found long before production.

Improve Your Software With Every Code Change.
Schedule some time with our team to see how AI-powered testing will help you exceed today’s quality and security requirements.

DevOps

 


iso-soc

Complying with industry standards.

Whether you’re building web apps, microservices, or automotive software, Code Intelligence helps you become compliant with the norms and standards of your industry, including ISO 21434, ISO 27001 and SOC 2.
“One of the biggest advantages of instrumented fuzz testing is that you can execute your code in a Software-in-the-Loop simulator. My favourite part of instrumented fuzzing is that finding the root cause is so easy, and for a manager, it means I can save budget.”
Michael von Wenckstern 2024
Michael Von WencksternProduct Cybersecurity Governance, Risk and Compliance Specialist, Continental AG
"Thanks to Code Intelligence fuzzing approaches, our security testing became significantly more effective. All our developers are now able to fix business critical bugs early in the development process, without false-positives."

 

Andreas Weichslgartner
Andreas WeichslgartnerSenior Technical Security Engineer, CARIAD
”Code Intelligence helps developers ship secure software by providing the necessary integrations to test their code at each pull request, without ever having to leave their favorite environment. It's like having an automated security expert always by your side.”
Thomas Dohmke - CEO Github
Thomas DohmkeCEO Github
”Thanks to Code Intelligence we were able to remediate deeply hidden issues, allowing us to ensure our vehicular software’s optimal functionality and safety. Coming up with the right unit tests for these cases would have been super difficult. With Code Intelligence’s AI-powered tests, we had the first finding within hours!”
saleh-heydari
Saleh HeydariVP of Software Engineering, XOS Trucks

Book a demo to unlock the power of self-learning AI.

Schedule some time with our team to see how AI-powered testing will help you exceed today’s quality and security requirements.

Discover how automated bug and vulnerability detection pre-pen testing, will speed up software development while assuring stable and secure software.

Autogenerate test cases that can identify bugs and vulnerabilities beyond the reach of traditional testing tools.

Join industry leaders like CARIAD, Bosch and Continental and become compliant with ISO 21434 and many other industry norms.

See fuzz testing in action

Automotive, telecom, machinery, medical device, and IoT manufacturers leverage Code Intelligence to test their products, effectively reducing the risk of delayed releases, costly fixes, malfunctions in critical systems, and cyber attacks.

Book a free product demo to find out how fuzz testing by Code Intelligence can help you:

  • Automate software testing for embedded systems.
  • Detect critical bugs & vulnerabilities early in the development.
  • Uncover only actual issues without false positives.
  • Enable developers to reproduce & fix issues in minutes, not weeks.
  • Ensure compliance with industry standards.