Telekom Success Story
Fuzz testing enabled Telekom security experts to complete projects faster. Now, they can accept and deliver more new projects.
Telecommunication
Test Center
> 20 000 employees
Bonn, Germany
The reduced manual effort speeds up the test cycles. Telekom security experts are now able to complete projects faster than ever and can also accept and deliver more new projects. Furthermore, even testers without security knowledge are now able to apply state-of-the-art security technology.
Saves 60% of developer time through the fully automated solution and easy-to-use IDE plugin.
Maximizes the productivity of costly developers, who can focus on writing code instead of hunting bugs and security issues.
Effortless setup of fuzzing for all software projects. The agnostic approach ensures seamless integration into the existing process landscape.
Modern software tests without expert knowledge, supported by preloaded settings and an intelligent execution engine.
"With Code Intelligence, securing your software can take new paths in terms of quality and efficiency."
Telekom's success story begins with implementing feedback-based application security testing (FAST) in order to increase the security and quality of the tested software. The Telekom testing team had already been using open-source fuzzing tools such as AFL or libFuzzer for quite some time, but the testing experts also experienced pain points associated with this powerful but complex technology.
Using open-source fuzzers involves a huge amount of manual effort (up to 3 weeks per project).
Open-source fuzzing tools like AFL or libFuzzer require advanced knowledge.
Due to the lack of professionals on the job market, the department was not able to take on all incoming projects.
With this in mind, Telekom implemented CI Fuzz at the beginning of June 2019 as an easy-to-use testing platform for feedback-based fuzzing.
The use of CI Fuzz has already produced measurable results in a short time. Thanks to the simplified deployment of new test projects and the user-friendly interface, the Telekom Test Center is now able to test projects in a fraction of the time: one of the testers stated that the test time per project had fallen by 66%.
In addition, Code Intelligence has implemented structure-aware fuzzing as a new feature, resulting in increased efficiency of the fuzzing engine. Not only software bugs but also critical security vulnerabilities leading to CVEs (Common Vulnerabilities and Exposures) have been uncovered.
Telekom and Code Intelligence are now working together on the roll-out of CI Fuzz to the entire Telekom corporation. The vision is to realize a "shift-left" in the software development lifecycle (SDLC), so that feedback-based fuzzing is used not only in test centers but also during software development itself. This way, development teams can be supported in creating more secure software and the test center has more capacity for external assignments.