Fuzzing Use Case
Continental Success Story
Continental managed to test a large safety module with 18,000 lines of code (LoC) within only one week.
> 230 000 Employees
Continental automated their security testing and increased their code coverage (now above 95% in most modules).
The smart bug detection and advanced debugging features of the CI Fuzz testing platform helped the development team to fix all business-critical bugs in the evaluation project within only one week.
Feedback-based fuzzing enables Continental to comply with automotive software security standards such as UNECE WP.29 and ISO/SAE 21434.
The CI Fuzz testing platform comes with a detailed bug reporting and insights for each finding. Project managers are now able to automatically report and prove which inputs lead to bugs and critical behavior and how much progress the business unit made since the last sprint.
Although the Public API documentation is usually available, developers need to write plenty of test harnesses, which is incredibly time-consuming.
Developers have to secure the communication between the Hardware-Dependent-API and the hardware.
The ISO 21434 and UNECE WP.29 recommend OEMs to integrate feedback-based fuzz testing into their DevOps processes and defines new requirements for software security engineering.
Open-source fuzzing solutions are already very effective, but they still require manual tuning and follow-up work for developers. Continental was looking for a professional fuzzing solution they can easily apply in an automotive architecture.
The CI fuzz testing platform makes it possible to apply modern fuzz testing approaches in an early stage of the software development process. This has automated and simplified the entire testing process because it enabled the developers to perform security tests on their own modules and to fix critical bugs right away.
The CI Fuzz testing platform also enabled the developers to mock their hardware with fuzz data. Continental story succeeded by applying feedback-based fuzzing to their software. They are now able to protect their software against edge cases and unexpected behaviors. For example, if a sensor should send unusual or erroneous inputs.