At Code Intelligence we already fixed thousands of bugs with our fuzzing engine for the Java virtual machine. Now we want to make its core available to the community.
We are happy to announce the open-source launch of Jazzer.
Update: Google implemented Jazzer into OSS-Fuzz. Open-source projects can use Google's infrastructure to secure their Java libraries. Read the whole article in the Google Security Blog.
With Jazzer, developers can increase their test coverage to find edge cases, avoiding software bugs more effectively. No changes to the source code or build system are required. Many proven fuzzing techniques, such as mutation strategies, error detection, or feedback from the program during run-time, are based on libFuzzer. Jazzer supports finding various error types in the JVM code. We also target programming language mixing (native libraries via JNI), often leading to memory corruption bugs in the Java to C/C++ glue code. In this blog post, you can find more details about engineering Jazzer.
CI Fuzz Enterprise
Our Enterprise Edition focuses on solving enterprise problems and integrations relevant to working in development teams. Various features like reporting, CI/CD and dev tool integration, WebAPI fuzzing, OWASP vulnerability detection enable highly productive work in the development process (DevSecOps). If you have been eager to get hands-on experience with fuzz testing, look at our Github repository. There you will find a step-by-step guide on how to get your first findings with Jazzer within minutes.
“With the open-source release of Jazzer, we want to contribute
to helping even more developers to write better software.”
Sergej Dechand, CEO of Code Intelligence