Our Product: Automated Security Testing Solution

CI Fuzz allows you to set up and continuously execute automated security and reliability tests by facilitating technologies that were previously only available through hard-to-find security experts.

Free Trial Request a Demo

Product Description

CI Fuzz contains two main components:

Fuzzing backend/core: The backend is responsible for all fuzzing tasks, such as project initialization, resolving dependencies, project compilation with the different instrumentation options and handling fuzz targets for all supported fuzzing engines. It also manages the configuration, running, and monitoring of fuzzing configurations.

User interface: The user interface communicates with the fuzzing backend and allows the user to set up, manage and monitor the fuzzing process, but also to analyze results, e.g. by loading the input data into the debugger to trigger the bugs. The user interface consists of a command-line interface and an extension for Visual Studio Code.

Download Product Information Sheet

Key Features

No false positives due to the interplay of static and dynamic testing

Combination of various state-of-the-art fuzzing engines for better results (increased code coverage, improved feedback loop, more critical bugs)

Enhanced performance and higher code coverage through the use of symbolic and concolic execution

Structure-aware fuzzing to test targets using structured inputs (e.g., JSON, XML, and JAML)

Data type/struct fuzzing to test APIs expecting C structs or C++ classes directly

Fuzzing file and network interfaces (both network clients and servers)

Seamless integration into any build system and environment

Supported languages: C/C++, Obj-C, Rust, Go, Java, Scala, Groovy, Kotlin, Clojure and Asm

Why CI Fuzz?

Get access to state-of-the-art technology: our software is based on the latest academic research

Achieve reliable testing results: CI Fuzz combines various analysis approaches to eliminate false positives

Improve the discovery of vulnerabilities: the usage of feedback-based fuzzing allows to cover more code with higher efficiency

No additional effort: we offer a plugin that seamlessly integrates into your favorite IDE

Maximize your productivity: browse and replay the found bugs and fix them more quickly

Test when and where you need it: fast and reliable source code testing integrates into your CI/CD process

Selection of vulnerabilties we identify

With CI Fuzz, you can identify, among others, the following vulnerabilities and prevent damage before it occurs.

Buffer overflows

Use after free

Memory leaks

Data races

Software crashes

Hangs / freezes

Call stack overflows

Uncaught exceptions

Integer overflow

Undefined behavior

Automated Fuzz Testing for Developers

Code Intelligence saves your time and effort while drastically improving the stability and reliability of the codebase. Our software offers clear monitoring over the code coverage and fuzzing progress, as well as easy IDE and command line integration. It enables you to set up an effective fuzzing process easily and analyze the resulting bugs and vulnerabilities. Additionally, the solution can be integrated into a CI/CD process which allows testing the code continuously.

Better Testing Coverage for Penetration Testers

CI Fuzz is a security testing platform using modern fuzzing technologies developed to maximize the speed and effectiveness in the discovery of CVEs. Feedback-based fuzzing focuses on generating inputs that maximize code coverage (thus triggering more bugs in the software under test). In order to find bugs deep in the code, we combine several fuzzing engines with concolic execution and static analysis.

Improved Testing Efficiency for Project Managers

With CI Fuzz, we help you to solve the problems surrounding continuous testing for security and reliability. Our solution combines the advantage of a user-friendly interface with state-of-the-art technologies that enable developers to discover critical vulnerabilities early in the process and greatly save time and costs. After an easy set-up, our security tests become part of your software development process including your CI/CD pipeline.