Challenge us!
Hide a severe bug in your Java, JavaScript, or C/C++ code, run our software, and win a T-shirt.
Catch me if you can.
Win a T-Shirt.
Catch me if you can.
Win a T-Shirt.
Frequently asked questions
Does CI Fuzz find all bugs in software?
No other testing method can generate most relevant test cases faster. While executing we find most issues like exception’s error responses or security vulnerabilities. Testing the business logic for the expected results will still be done with a few standard tests.
CI Fuzz does find all the unexpected behavior for edge case input. Does it find all security issues?
We focus on OWASP Top 10 issues and protect against injections of various types, remote code execution and many more. For system and infrastructure security (server versions, web server configuration, fire walls) use methods like pen testing.
Can CI Fuzz help with functional testing as well?
Wherever you can ensure some code to be functional by e.g. processing an input and in another call undoing this with the output, CI Fuzz can safely test this is the case for all potential input. When you need to ensure a new code segment produces the same results as old code did, CI Fuzz is your tool. CI Fuzz will not be able to check your business logic: Certain input needs to result in certain output. For this you will use your standard tests.
What in a nutshell makes CI Fuzz so special?
It is the different approach. Typical tests check one input and ensure specific output. May it be the expected business processing. May it be input considered to be invalid and handled properly. CI Fuzz automatically finds input that causes different code to be executed. CI Fuzz hooks in all calls and evaluation of conditions like if-then-else and finds ways to trigger different results. And on top and while doing this, all code is security checked.
Can CI Fuzz reach 100% code coverage?
Yes, absolutely. For some code additional input from the person knowing the code might be needed to get the last mile from 80 to 100. CI Sense allows to analyze and easily add required information.
Is there an easy rule of thumb when exactly CI Fuzz replaces a lot of tests and allows to focus on business logic?
In all situations where you can envision a test "Under no circumstances X must ever happen", CI Fuzz is your help to fully cover. You just add a few standard tests to ensure business logic. Security is tested on the fly. All done.
No other testing method can generate most relevant test cases faster. While executing we find most issues like exception’s error responses or security vulnerabilities. Testing the business logic for the expected results will still be done with a few standard tests.
We focus on OWASP Top 10 issues and protect against injections of various types, remote code execution and many more. For system and infrastructure security (server versions, web server configuration, fire walls) use methods like pen testing.
Wherever you can ensure some code to be functional by e.g. processing an input and in another call undoing this with the output, CI Fuzz can safely test this is the case for all potential input. When you need to ensure a new code segment produces the same results as old code did, CI Fuzz is your tool. CI Fuzz will not be able to check your business logic: Certain input needs to result in certain output. For this you will use your standard tests.
It is the different approach. Typical tests check one input and ensure specific output. May it be the expected business processing. May it be input considered to be invalid and handled properly. CI Fuzz automatically finds input that causes different code to be executed. CI Fuzz hooks in all calls and evaluation of conditions like if-then-else and finds ways to trigger different results. And on top and while doing this, all code is security checked.
Yes, absolutely. For some code additional input from the person knowing the code might be needed to get the last mile from 80 to 100. CI Sense allows to analyze and easily add required information.
In all situations where you can envision a test "Under no circumstances X must ever happen", CI Fuzz is your help to fully cover. You just add a few standard tests to ensure business logic. Security is tested on the fly. All done.