Code Intelligence Integrates with Jest to Enable Developers to Test JavaScript for Vulnerabilities
Developers who run unit tests in Jest can now test their JavaScript applications for bugs and security vulnerabilities, including remote code execution, cross-site scripting, and injections.
Bonn, Germany, February 16, 2023 - Code Intelligence, the automated testing platform, today announced integrating its recently open-sourced JavaScript fuzz testing engine, Jazzer.js, into Jest, the most used unit testing framework for JavaScript. Developers can now use Jest for both functional and security testing without ever having to leave their development environment.
Beyond Unit Testing: New Fuzz Testing Integration Uncovers Blind Spots In JavaScript
Code Intelligence’s new fuzz testing integration for Jest allows developers to run automated security tests, complimentary to their existing unit tests and enables them to test JavaScript applications for unknown bugs. Soon, Jazzer.js will also receive specialized bug detectors for critical vulnerabilities, including remote code executions (such as Log4Shell), cross-site-scripting, and injections.
“While most JavaScript developers already use Jest for functional testing, to test whether their application behaves as expected, our new Jest integration allows developers to also do negative testing. This is to check their applications for unexpected or strange behaviors. It does not only avoid security issues but makes the code more reliable and reduces outages and bad user experience.”, says Werner Krahe, Product Director of Code Intelligence.
Jazzer.js Brings Whitebox Fuzz Testing to JavaScript and Node.js
Jazzer.js is a free, coverage-guided, in-process fuzzer for the entire Node.js platform. To ease accessibility, it is available within JavaScript’s node package manager (npm), which is used by most JavaScript developers to download their tooling. Developers can call Jazzer.js in Jest, by using the new it.fuzz() function in describe() blocks. This function calls highly automated fuzz tests that use coverage feedback to generate millions of unusual and unexpected test inputs that can trigger security vulnerabilities and functional bugs. Jazzer.js also provides a regression mode, which is useful in making sure that newly added code doesn’t break existing functionality.
“Our mission is to give every developer the necessary tools to write more secure code,” says Khaled Yakdan, Chief Scientist and Co-Founder of Code Intelligence. “The fuzz testing integration for Jest will help in making JavaScript applications more reliable and secure.”
/Images/Jazzer.js_Jan_2023.png "Jazzer.js enables coverage-guided fuzzing for JavaScript and the Node.js")
About Code Intelligence:
Founded in 2018 by Sergej Dechand, Khaled Yakdan, and Matthew Smith, Code Intelligence offers an automated software security platform that helps developers ship more secure code. The startup strongly focuses on securing memory-safe languages widely used in the industry. To this end, it develops and maintains the leading fuzzing engines for Java and JavaScript. It also contributed several improvements to fuzzing in Golang, which have been integrated into the language, benefiting all Go developers. Code Intelligence is trusted by Google, Deutsche Telekom, Bosch, and CARIAD, amongst others.
Media Kit
Link
Media Contact
press@code-intelligence.com
Related Articles
Code Intelligence Raises $12M for Dev-First Security
We are thrilled to announce that we secured Series A funding of $12 Million and welcome Thomas Dohmke, CEO of GitHub as our new business angel.
Our Log4j Bug Detectors Are Now in Google’s OSS-Fuzz
Code Intelligence implemented bug detectors for Remote Code Execution Vulnerabilities (RCEs) into Google’s open-source fuzzing framework, OSS-Fuzz.
Open-Source: Jazzer Fixes 19 Bugs in Jsoup
With Jazzer, we were able to find over 19 Bugs in Jsoup. Jsoup is a popular open-source library used to parse, extract and manipulate data stored in HTML.