Menu

Fuzz Testing for JVM Is Now Open Source

February 10 2021 | 1 min

At Code Intelligence we already fixed thousands of bugs with our fuzzing engine for the JVM. Now we want to make its core available to the community.

We are happy to announce the open-source launch of Jazzer. 


Update: Google implemented Jazzer into OSS-Fuzz. Open-source projects can use Google's infrastructure to secure their Java libraries. Read the whole article in the Google Security Blog


With Jazzer, developers can increase their test coverage to find edge cases, avoiding software bugs more effectively. No changes to the source code or build system are required. Many proven fuzzing techniques, such as mutation strategies, error detection, or feedback from the program during run-time, are based on libFuzzer. Jazzer supports finding various error types in the JVM code. We also target programming language mixing ​​(native libraries via JNI), often leading to memory corruption bugs in the Java to C/C++ glue code. In this blog post, you can find more details about engineering Jazzer

See Jazzer on GitHub

CI Fuzz Enterprise

Our Enterprise Edition focuses on solving enterprise problems and integrations relevant to working in development teams. Various features like reporting, CI/CD and dev tool integration, WebAPI fuzzing, OWASP vulnerability detection enable highly productive work in the development process (DevSecOps). If you have been eager to get hands-on experience with fuzz testing, look at our Github repository. There you will find a step-by-step guide on how to get your first findings with Jazzer within minutes. 

“With the open-source release of Jazzer, we want to contribute
to helping even more developers to write better software.”

Sergej Dechand, CEO of Code Intelligence 

 

Recent Posts

One Year of Fuzzing and Fixing Suricata

Autofuzz: Fuzzing Without Writing Fuzz Targets or Harnesses

Fuzzing 101 – The Basics (FAQ)

19 Bugs in Jsoup Found With Jazzer

Share Article

Subscribe to updates