Product Description

CI Fuzz has two main components:

  • Fuzzing backend/core: The backend is responsible for all fuzzing tasks, such as initializing the project and the fuzzers and instrumenting the project to enable feedback-based fuzzing for all major fuzzing engines. It also manages the configuration, running, and monitoring of fuzzing configurations.
  • User interface: The user interface communicates with the fuzzing backend and allows the user to set up, manage and monitor the fuzzing process. It also assists the developer in analyzing the results, e.g. by loading the input data into the debugger to trigger the bugs. The UI is available both as a command-line interface and as a Visual Studio Code plugin.

Key Features

  • No false positives due to the interplay of static and dynamic testing
  • Combination of all major state-of-the-art fuzzing engines for better results (increased code coverage, improved feedback loop, more critical bugs found)
  • Enhanced performance and higher code coverage through the use of symbolic and concolic execution
  • Structure-aware fuzzing to test targets using structured inputs (e.g., JSON, XML, and YAML)
  • Data type/struct fuzzing to test APIs using C structs or C++ classes directly
  • Fuzzing file and network interfaces (both network clients and servers)
  • Seamless integration into any build system and environment
  • Supported languages: C/C++, Obj-C, Java, Rust, Go, Scala, Groovy, Kotlin, Clojure and Asm

Why CI Fuzz?

  • Reduce costs: Save over 60% of developers' time thanks to our fully automated solution and our easy-to-use IDE plugin
  • Fuzzing for everyone: Create and execute modern software tests without any expert knowledge, supported by our preloaded settings and intelligent execution engine
  • Increase productivity: Maximize the productivity of your costly developers by keeping them focused on writing code instead of hunting bugs and security issues
  • No prerequisites needed: Our agnostic approach ensures seamless integration into your existing process landscape
  • Access to state-of-the-art technology: Unparalleled combination of the latest breakthrough technologies under one roof to deliver added business value

Selection of vulnerabilities we identify

With CI Fuzz, you can identify, among others, the following vulnerabilities and prevent damage before it occurs.

  • Buffer overflows
  • Use after free
  • Memory leaks
  • Data races
  • Software crashes
  • Hangs / freezes
  • Call stack overflows
  • Uncaught exceptions
  • Integer overflow
  • Undefined behavior

Automated Fuzz Testing for Developers

Code Intelligence saves you time and effort while drastically improving the stability and reliability of your codebase. Our software offers clear monitoring of code coverage and fuzzing progress, as well as easy IDE and command-line integration. It enables you to set up an effective fuzzing process easily and analyze the resulting bugs and vulnerabilities. Additionally, the solution can be integrated into a CI/CD process, which allows the code to be tested continuously.


Better Testing Coverage for Penetration Testers

CI Fuzz is a security testing platform that uses modern fuzzing technologies, developed to maximize the speed and effectiveness of discovering bugs and vulnerabilities. Feedback-based fuzzing focuses on generating inputs that maximize code coverage (thus triggering more bugs in the software being tested). In order to find bugs deep in the code, we combine several fuzzing engines with concolic execution and static analysis.


Improved Testing Efficiency for Project Managers

With CI Fuzz, we help you solve problems surrounding continuous testing for security and reliability. Our solution combines the advantage of a user-friendly interface with state-of-the-art technologies that enable regular developers to discover critical vulnerabilities early in the process, greatly saving time and reducing the overall development cost. After the easy set-up, our security tests become part of your software development process and are included in your CI/CD pipeline.