AI-powered security testing for C/C++ by Code Intelligence
The Application Security Testing Platform by Code Intelligence
Code Intelligence enables early security testing for C/C++ software. It leverages AI-driven white-box fuzz testing to detect critical bugs and vulnerabilities early in the development process. Every uncovered bug comes with concrete proof—a triggering test case, inputs, and a precise code line where the bug is hidden. Thus, developers can identify the root cause in minutes and fix bugs quickly.
Discover more hidden bugs and vulnerabilities with every code change.
OWASP vulnerabilities, and memory corruption within your current test environment.
- Unit & Integration Tests
- API Tests
- Deep Bugs
- Functional Tests
- C/C++
// This is the code you want to test
char* getUser(const char* id, size_t id_size) {
  char* user_buffer = (char*) malloc(MAX_USER_LENGTH);
  // SECURITY ISSUE: buffer overflow!
  memcpy(user_buffer, id, id_size);
  // finish constructing the user buffer
  return user_buffer;
}

// This is the test you write
FUZZ_TEST(const char* data, size_t size) {
  // Call your function with AI-generated inputs.
  getUser(data, size);
}
- Terminal
$ cifuzz run all
Results: found 1 issues and reached 86% code coverage
* Critical Security Issue: Heap Buffer Overflow in getUser (src/user.cpp:5:2)
To assess the issues, check your project on CI Sense
// This is the code you want to test
function getUser(id) {
  // SECURITY ISSUE: vulnerable to command injection!
  const result = execSync(`id -nu ${id}`);
  // handle error and return result
}

// This is the test you write
describe("Test the getUser function", () => {
  it.fuzz("with AI-generated inputs", (data) => {
    getUser(data);
  });
});
- Terminal
$ cifuzz run com.example.MyFuzzTest
Results: found 1 issues and reached 74% code coverage
* Critical Security Issue: Command Injection in getUser (user/user.js:4:2)
To assess the issues, check your project on CI Sense
- C/C++
// This is the code you want to test
int getUser(struct Connection *conn, const char *id) {
  sprintf(query, "SELECT * FROM users WHERE id ='%s'", id);
  char *zErrMsg = nullptr;
  // SECURITY ISSUE: vulnerable to SQL injection!
  sqlite3_exec(db, query, nullptr, nullptr, &zErrMsg);
  // handle query results
}

// This is the test you write
FUZZ_TEST(const uint8_t *data, size_t size) {
  // Call your API endpoint with AI-generated inputs.
  Client *client = connect_to_server(ip, port);
  client->send_request("GET /user/%s HTTP/1.0", data);
}
- Terminal
$ cifuzz run all
Results: found 1 issues and reached 76% code coverage
* Critical Security Issue: SQL Injection in the Get User API endpoint (src/user.cpp:7:2)
To assess the issues, check your project on CI Sense
// This is the code you want to test
const app = require('express')();
app.get("/user", (request, response) => {
  const id = request.query.id;
  const query = `SELECT * FROM users WHERE id = ${id}`;
  // SECURITY ISSUE: vulnerable to SQL injection!
  connection.query(query, (error, results, fields) => {
    // handle results
  });
});

// This is the test you write
const request = require("supertest");
describe("Test the Get User API Endpoint", () => {
  it.fuzz("with AI-generated inputs", async (generatedId) => {
    const response = await request(app).get("/user").query({ id: generatedId });
  });
});
- Terminal
$ cifuzz run com.example.MyFuzzTest
Results: found 1 issues and reached 76% code coverage
* Critical Security Issue: SQL Injection in the Get User API endpoint (user/user.go:6)
To assess the issues, check your project on CI Sense
- C/C++
// This is the code you want to test
public static String getUser(String id) {
  if (id.startsWith("admin:")) {
    Statement stmt = conn.createStatement();
    // SECURITY ISSUE: vulnerable to SQL injection!
    ResultSet rs = stmt.executeQuery("SELECT * FROM admins WHERE id = '" + id + "'");
    // handle results
  }
  // Handle non-admin users.
}

// This is the test you write
@FuzzTest
void testGetUser(String generatedId) {
  // Call your method with AI-generated inputs.
  User.getUser(generatedId);
}
- Terminal
$ cifuzz run all
Results: found 2 issues and reached 91% code coverage
* Critical Security Issue: SQL Injection in getUser (com.example.User:6)
To assess the issues, check your project on CI Sense
// This is the code you want to test
char* getUser(const char* id, size_t id_size) {
  char* user_buffer = (char*) malloc(MAX_USER_LENGTH);
  // Compare only the 6 prefix bytes so any id starting with "admin:" matches.
  if (id_size >= 6 && strncmp("admin:", id, 6) == 0) {
    // SECURITY ISSUE: vulnerable to heap buffer overflow!
    memcpy(user_buffer, id, id_size);
    // finish constructing the user buffer
  }
  return user_buffer;
}

// This is the test you write
FUZZ_TEST(const char* data, size_t size) {
  // Call your function with AI-generated inputs.
  getUser(data, size);
}
- Terminal
$ cifuzz run com.example.MyFuzzTest
Results: found 1 issues and reached 63% code coverage
* Critical Security Issue: Heap Buffer Overflow in getUser (src/user.cpp:7:4)
To assess the issues, check your project on CI Sense
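A bounds-checked counterpart to the two `getUser` heap-overflow snippets above (the plain one and the `admin:`-gated one), as an added example that is not Code Intelligence's code. `MAX_USER_LENGTH = 64` and the name `get_user_checked` are assumptions, and the page's `FUZZ_TEST` macro is replaced by a libFuzzer-style `LLVMFuzzerTestOneInput` so the block builds without cifuzz.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstdlib>
#include <cstring>

// Assumed value; the page never states MAX_USER_LENGTH.
constexpr size_t MAX_USER_LENGTH = 64;

// Hypothetical hardened variant of the page's getUser(): returns a
// NUL-terminated heap copy of id, or nullptr when id would not fit.
// The length check runs before any branch, so it also covers "admin:" ids.
char *get_user_checked(const char *id, size_t id_size) {
  if (id == nullptr || id_size >= MAX_USER_LENGTH) {
    return nullptr;  // reject instead of writing past the allocation
  }
  char *user_buffer = static_cast<char *>(malloc(MAX_USER_LENGTH));
  if (user_buffer == nullptr) {
    return nullptr;
  }
  memcpy(user_buffer, id, id_size);  // id_size < MAX_USER_LENGTH holds here
  user_buffer[id_size] = '\0';
  return user_buffer;
}

// libFuzzer-style entry point standing in for the page's FUZZ_TEST macro.
// Invariant: any returned buffer is a terminated copy of the whole input.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  const char *id = reinterpret_cast<const char *>(data);
  char *user = get_user_checked(id, size);
  if (user != nullptr) {
    if (memcmp(user, id, size) != 0 || user[size] != '\0') abort();
    free(user);
  }
  return 0;
}

int main() {
  // Constructed inputs: one that fits, one far larger than the buffer.
  const uint8_t ok[] = "admin:alice";
  uint8_t big[4 * MAX_USER_LENGTH];
  memset(big, 'A', sizeof(big));
  LLVMFuzzerTestOneInput(ok, sizeof(ok) - 1);
  LLVMFuzzerTestOneInput(big, sizeof(big));
  puts("no out-of-bounds write on either input");
  return 0;
}
```

Built with a sanitizer such as AddressSanitizer, the same harness run against the unchecked `getUser` reports the heap overflow on the oversized input.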
// This is the code you want to test
function getUser(id) {
  if (id.startsWith("admin:")) {
    const query = `SELECT * FROM admins WHERE id = ${id}`;
    // SECURITY ISSUE: vulnerable to SQL injection!
    connection.query(query, (error, results, fields) => {
      // handle results
    });
  }
}

// This is the test you write
describe("Test the getUser function", () => {
  it.fuzz("with AI-generated inputs", (data) => {
    getUser(data);
  });
});
- Terminal
$ cifuzz run com.example.MyFuzzTest
Results: found 1 issue and reached 93% code coverage
* Critical Security Issue: SQL Injection in getUser (user/user.js:6:4)
To assess the issues, check your project on CI Sense
- C/C++
// This is the code you want to test
std::string sanitize(const std::string& userInput) {
  // logic to remove all HTML tags from user input
}

// This is the test you write
FUZZ_TEST(const char* data, size_t size) {
  // Call your function with AI-generated inputs.
  std::string input(data, size);
  std::string sanitizedInput = sanitize(input);
  // The sanitized result must NOT contain a closing script tag.
  assert(!sanitizedInput.contains("</script") && "Result contains unwanted string");
}
- Terminal
$ cifuzz run all
Results: found 1 issue and reached 61% code coverage
* Assertion Failure: Result contains unwanted string (src/sanitize_test.cpp)
To assess the issues, check your project on CI Sense
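Why the property asserted above is worth fuzzing, shown with a constructed sanitizer (an added example, not the page's or Code Intelligence's code): a single-pass tag remover can leave `</script` behind, while a variant that also encodes every leftover `<` cannot. Both `sanitize_*` functions, `holds_invariant` and the sample inputs are assumptions, and the check is a plain function rather than cifuzz's `FUZZ_TEST`.

```cpp
#include <cstddef>
#include <cstdio>
#include <string>

// Constructed weak sanitizer: drops every well-formed "<...>" tag in one
// left-to-right pass, but never re-scans what is left behind.
std::string sanitize_single_pass(const std::string &in) {
  std::string out;
  for (size_t i = 0; i < in.size();) {
    size_t next = (in[i] == '<') ? in.find_first_of("<>", i + 1)
                                 : std::string::npos;
    if (next != std::string::npos && in[next] == '>') {
      i = next + 1;    // "<" ... ">" with no "<" in between: drop the tag
    } else {
      out += in[i++];  // ordinary character, or a "<" that opens no tag
    }
  }
  return out;
}

// Hardened variant: same tag removal, then every leftover "<" is encoded,
// so no tag opener survives whatever the first pass left behind.
std::string sanitize_hardened(const std::string &in) {
  std::string out;
  for (char c : sanitize_single_pass(in)) {
    if (c == '<') out += "&lt;"; else out += c;
  }
  return out;
}

// The property the page's fuzz test asserts: no "</script" in the result.
bool holds_invariant(const std::string &sanitized) {
  return sanitized.find("</script") == std::string::npos;
}

int main() {
  // Constructed regression inputs of the kind a fuzzing corpus ends up holding.
  const char *inputs[] = {"<b>hi</b>", "</script", "<<b>/script>"};
  for (const char *in : inputs) {
    std::printf("%-14s single-pass:%d hardened:%d\n", in,
                holds_invariant(sanitize_single_pass(in)),
                holds_invariant(sanitize_hardened(in)));
  }
  return 0;
}
```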
// This is the code you want to test
function sanitize(userInput) {
  // logic to remove all HTML tags from user input
}

// This is the test you write
describe("Test the sanitize function", () => {
  it.fuzz("with AI-generated inputs", (input) => {
    const sanitizedInput = sanitize(input);
    expect(
      sanitizedInput.includes("</script"),
      "Result contains unwanted string"
    ).toBeFalsy();
  });
});
- Terminal
$ cifuzz run com.example.MyFuzzTest
Results: found 1 issue and reached 76% code coverage
* Test Failure: Result contains unwanted string (sanitizer/sanitize_test.js)
To assess the issues, check your project on CI Sense
Find hidden bugs in your software, whether at the unit, API or service level. If you have a unit test, you are ready to go.
Protect Your Development Process at Every Stage.
Code Intelligence integration is a critical aspect of modern software development, enhancing the overall security and efficiency of the development process.
By seamlessly integrating Code Intelligence into various aspects of your workflow, you can ensure that your code is robust and secure from the earliest stages of development to deployment.
Build better software with Code Intelligence.
Accelerate your testing processes.
Equip your development and security teams to automate test case creation more efficiently.
Explore the synergy of dynamic testing and self-learning AI to enhance your testing process. Our Code Intelligence (CI) technology extends test coverage by learning from your application's behavior and previous test runs, automating test case generation for unexplored paths. This allows you to autogenerate test cases much more quickly and efficiently.
Resolve issues.
Long before they make it into the codebase.
Make sure that optimizing your pipeline to maximum performance comes at no cost to your software’s integrity. With Code Intelligence’s CI/CD integration, your software will automatically be tested at each code change so that regressions and other release blockers are found long before production.
Improve Your Software With Every Code Change.
Schedule some time with our team to see how AI-powered testing will help you exceed today’s quality and security requirements.
Complying with industry standards.
Book a demo to unlock the power of self-learning AI.
Discover how automated bug and vulnerability detection before pen testing will speed up software development while assuring stable and secure software.
Autogenerate test cases that can identify bugs and vulnerabilities beyond the reach of traditional testing tools.
Join industry leaders like CARIAD, Bosch and Continental and become compliant with ISO 21434 and many other industry norms.
Automotive, telecom, machinery, medical device, and IoT manufacturers leverage Code Intelligence to test their products, effectively reducing the risk of delayed releases, costly fixes, malfunctions in critical systems, and cyber attacks.
Book a free product demo to find out how fuzz testing by Code Intelligence can help you:
- Automate software testing for embedded systems.
- Detect critical bugs & vulnerabilities early in development.
- Uncover only actual issues without false positives.
- Enable developers to reproduce & fix issues in minutes, not weeks.
- Ensure compliance with industry standards.