Fuzzing Use Case
Telekom Success Story
Fuzz testing enabled Telekom security experts to complete projects faster. Now, they can accept and deliver more new projects.
> 20 000 employees
Reduced manual effort speeds up the test cycles. Telekom security experts are now able to complete projects faster than ever and can also accept and deliver more new projects. Furthermore, even testers without security knowledge are now able to implement and use state-of-the-art security technology.
Saves 60% of developer time through the fully automated solution and easy-to-use IDE plugin.
Maximizes the productivity of costly developers, who can focus on programming code instead of hunting bugs and security issues.
Effortless setup of fuzzing for all software projects. The agnostic approach ensures seamless integration into the existing process landscape.
Modern software tests without expert knowledge, supported by preloaded settings and an intelligent execution engine.
"With Code Intelligence, securing your software can take new paths in terms of quality and efficiency."
The Telekom story begins with implementing feedback-based application security testing (FAST) in order to increase the security and quality of the tested software. The Telekom testing team had already been using open-source fuzzing tools such as AFL or libFuzzer for quite some time, but the testing experts also experienced pain points associated with the powerful but complex technology.
Using open-source fuzzers involves a huge amount of manual effort (up to 3 weeks per project).
Open-source fuzzing tools like AFL or libFuzzer require advanced knowledge.
Due to the lack of professionals on the job market, the department was not able to take on all incoming projects.
The use of CI Fuzz has already produced measurable results in a short time. Thanks to the simplified deployment of new test projects and the user-friendly interface, the Telekom Test Center is now able to test projects in a fraction of the time: one of the testers stated that the test time per project had fallen by 66%.
In addition, Code Intelligence has implemented structure-aware fuzzing as a new feature, resulting in increased efficiency of the fuzzing engine. Not only software bugs but also critical security vulnerabilities leading to CVEs (Common Vulnerabilities and Exposures) have been uncovered.
Telekom and Code Intelligence are now working together on the roll-out of CI Fuzz to the entire Telekom corporation. The vision is to realize a "shift-left" in the software development lifecycle (SDLC), so that feedback-based fuzzing is used not only in test centers but also earlier, during software development. In this way, development teams can be supported in creating more secure software and the test center has more capacity for external assignments.