Fuzz testing enabled Telekom security experts to complete projects faster.
Now, they can accept and deliver more new projects.
> 20 000 employees
Added Business Values
Through the reduced manual effort, the test cycles speed up. Telekom security experts are now able to complete projects faster than ever and can also accept and deliver more new projects. Furthermore, even testers without security knowledge are now able to implement and conduct state-of-the-art security technology.
Increase in Productivity
Usable Modern Fuzzing
"With Code Intelligence, securing your software can take new paths in terms of quality and efficiency."
Chief Security Officer // Deutsche Telekom AG
Simplify the Use of Advanced Fuzzing Practices
Telekom's success story begins with implementing feedback-based application security testing (FAST) in order to increase the security and quality of the tested software. The Telekom testing team has already been using open-source fuzzing tools such as AFL or libFuzzer for quite some time, but the testing experts also experienced pain points associated with the powerful but complex technology.
Automate Manual Efforts
Using open-source fuzzers involves a huge amount of manual effort (up to 3 weeks per project).
Overcome High Complexity
Open-source fuzzing tools like AFL or libFuzzer require advanced knowledge.
Handle Lack of Security Experts
Due to the lack of professionals on-the-job market, the department was not able to take on all incoming projects.
Fuzz Testing Platform CI Fuzz
With this in mind, Telekom implemented CI Fuzz at the beginning of June 2019 as an easy-to-use testing platform for feedback-based fuzzing.
Shortened Testing Time
The use of CI Fuzz has already produced measurable results in a short time. Thanks to the simplified deployment of new test projects and the user-friendly interface, the Telecom Test Center is now able to test projects in a fraction of the time: one of the testers stated that the test time per project had fallen by 66%.
Advanced Bug Detection
In addition, Code Intelligence has implemented structure-aware fuzzing as a new feature, resulting in increased efficiency of the fuzzing engine. Not only software bugs but also critical security vulnerabilities leading to CVEs (Common Vulnerabilities and Exposures) have been uncovered.
What The Future Holds
Telekom and Code Intelligence are now working together on the roll-out of CI Fuzz to the entire Telekom corporation. The vision is to realize a „shift-left“ in the software development lifecycle (SDLC), so that feedback-based fuzzing is used not only around test centers but also already during software development. In this study case, development teams can be supported in creating more secure software and the test center has more capacity for external assignments.
Get Started With CI Fuzz
Talk to our developers to learn how the CI Fuzz testing platform can help you provide secure and reliable software.