Introducing Jazzer Pro:
Turbocharge Your Java Fuzz Testing
Fuzz testing with Jazzer Pro - As Easy as Unit Testing
Built on the robust foundation of Jazzer, our esteemed open-source Java fuzz testing solution, Jazzer Pro advances this legacy, streamlining the process of uncovering initial insights with greater efficiency. Through enhanced integration with unit test frameworks, sophisticated mutation capabilities for plain Java objects, and ongoing refinement of our bug and vulnerability detection systems, Jazzer Pro offers a promising pathway towards quicker and more effective testing outcomes.
Save Developers Time - Simplified Test Creation
Following our mission saving developers’ time, we eliminated the more cumbersome utilization of FuzzedDataProvider – including the need for casting data types and manually constructing complex object structures, Jazzer Pro simplifies this process. It achieves this by supporting the generation of plain Java objects straight in the test definition, eliminating the requirement for manual data type creations or conversions.
Classic Jazzer Test
As can be seen in the first code sample, in the previous versions, the developers had to manually consume fuzzing data from the FuzzDataProvider to create their internal data structures, which are used by the function under test. With the support to use plain Java objects, the fuzzer will generate valid data avoiding boilerplate object preparation.
Note that both examples use the @FuzzTest annotation rather than the classic testOneInput as used in OSS-Fuzz. Besides the automated test case generation, everything else works as with jUnit, e.g. IDE-supported code coverage visualization, debugging and regression testing.
As can be seen in the first code sample, in the previous versions, the developers had to manually consume fuzzing data from the FuzzDataProvider to create their internal data structures, which are used by the function under test. With the support to use plain Java objects, the fuzzer will generate valid data avoiding boilerplate object preparation.
Note that both examples use the @FuzzTest annotation rather than the classic testOneInput as used in OSS-Fuzz. Besides the automated test case generation, everything else works as with jUnit, e.g. IDE-supported code coverage visualization, debugging and regression testing.
The same Test with Jazzer Pro
Continuous Bug Detection Improvement
Vulnerabilities like Log4Shell were an eye-opener for the industry in terms of new attack vectors. With Jazzer, we always focused on providing bug detectors for non-memory vulnerabilities such as any type of injections (SQL, LDAP, Commandline) or Remote Code Execution, so they can be fixed before they become a problem in production code. In our commercial version, we continuously extend and improve our existing bug detectors and add further capabilities for additional vulnerability classes, such as SSRF detection or NoSQL injections.
Additional Support Benefits
Free for Open Source Projects and Non-Commercial Security Research
We believe in empowering the community. That's why we offer Jazzer Pro free of charge for testing open-source projects and for non-commercial security research endeavors. Join us in advancing the field of software testing and security without any financial barriers.
Start Using Jazzer Pro now
Elevate your testing game with Jazzer Pro – the ultimate choice for Java fuzz testing. Take the leap forward and experience the future of automated testing today.
Jazzer Pro can be used exactly like Jazzer and will be shipped as part of CI Fuzz, supporting developer tool integrations and further programming languages such as C/C++, JavaScript and others.