Our Product: Automated Security Testing Solution

CI Fuzz enables you to easily create and continuously execute security and reliability tests by automating cutting edge security testing technologies that previously required specialized security experts.

Request a Demo Free Trial

Product Description

CI Fuzz has two main components:

Fuzzing backend/core: The backend is responsible for all fuzzing tasks, such as project and fuzzer initialization, instrumenting the project to enable feedback based fuzzing for all major fuzzing engines. It also manages the configuration, running, and monitoring of fuzzing configurations.

User interface: The user interface communicates with the fuzzing backend and allows the user to set up, manage and monitor the fuzzing process. It also assists the developer in analyzing the results, e.g. by loading the input data into the debugger to trigger the bugs. The UI is available both as a command-line interface as well as a Visual Studio Code Plugin.

Download Product Information Sheet

Key Features

No false positives due to the interplay of static and dynamic testing

Combination of all major state-of-the-art fuzzing engines for better results (increased code coverage, improved feedback loop, more critical bugs found)

Enhanced performance and higher code coverage through the use of symbolic and concolic execution

Structure-aware fuzzing to test targets using structured inputs (e.g., JSON, XML, and YAML)

Data type/struct fuzzing to test APIs using C structs or C++ classes directly

Fuzzing file and network interfaces (both network clients and servers)

Seamless integration into any build system and environment

Supported languages: C/C++, Obj-C, Java, Rust, Go, Scala, Groovy, Kotlin, Clojure and Asm

Why CI Fuzz?

Benefit from state-of-the-art fuzzing technology: our software integrates several state-of-the-art fuzzers and additionally integrates breakthroughs from current academic research

Achieve reliable testing results: CI Fuzz combines various analysis approaches to eliminate false positives

Increase efficiency and code coverage: feedback-based fuzzing enables more code to be covered with higher efficiency

Minimal additional effort: we offer a plugin that seamlessly integrates into your favorite IDE where you can select which functions to fuzz with no special expertise

Maximize your productivity: browse and replay found bugs and fix them with ease

Test when and where you need it: fast and reliable source code testing integrated into your CI/CD process

Selection of vulnerabilities we identify

With CI Fuzz, you can identify, among others, the following vulnerabilities and prevent damage before it occurs.

Buffer overflows

Use after free

Memory leaks

Data races

Software crashes

Hangs / freezes

Call stack overflows

Uncaught exceptions

Integer overflow

Undefined behavior

Automated Fuzz Testing for Developers

Code Intelligence saves you time and effort while drastically improving the stability and reliability of your codebase. Our software offers clear monitoring over the code coverage and fuzzing progress, as well as easy IDE and command line integration. It enables you to set up an effective fuzzing process easily and analyze the resulting bugs and vulnerabilities. Additionally, the solution can be integrated into a CI/CD process which allows testing the code continuously.

Better Testing Coverage for Penetration Testers

CI Fuzz is a security testing platform using modern fuzzing technologies developed to maximize the speed and effectiveness in the discovery of bugs and vulnerabilities. Feedback-based fuzzing focuses on generating inputs that maximize code coverage (thus triggering more bugs in the software being tested). In order to find bugs deep in the code, we combine several fuzzing engines with concolic execution and static analysis.

Improved Testing Efficiency for Project Managers

With CI Fuzz, we help you solve problems surrounding continuous testing for security and reliability. Our solution combines the advantage of a user-friendly interface with state-of-the-art technologies that enable regular developers to discover critical vulnerabilities early in the process and greatly save time and reduce the overall development cost. After the easy set-up, our security tests become part of your software development process included in your CI/CD pipeline.