The CI Fuzz Platform is based on modern fuzzing. The solution autonomously and intelligently generates test cases that are tailored to your applications.
Example: Fuzzing an image parser application
Modern fuzzing is used for security and stability testing of the codebase. The software under test is fed with a series of inputs, which are purposefully mutated in the testing process. The testing tool gets feedback about the code covered during the execution of inputs. Unlike traditional or black-box fuzzing, feedback-based fuzzing explores the program state efficiently and discovers bugs hidden deep in the code.
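The difference between feedback-based and black-box fuzzing can be shown on a small scale with the following added example, which is not CI Fuzz code. It assumes a constructed five-byte toy image format, hand-placed branch IDs in place of compiler coverage instrumentation, and an exception in place of a real crash; `parse_image`, `fuzz` and `ParserCrash` are hypothetical names.

```python
import random

class ParserCrash(Exception):
    """Stands in for a memory-safety crash in the toy parser."""

def parse_image(data: bytes, cov: set) -> None:
    # Constructed toy format: b"IMG" magic, then a width byte and a height byte.
    # cov collects hand-placed branch IDs, a stand-in for compiler instrumentation.
    if len(data) < 5:
        return
    cov.add("len")
    for i, ch in enumerate(b"IMG"):
        if data[i] != ch:
            return
        cov.add(f"magic{i}")
    if data[3] != 0xFF:
        return
    cov.add("max_width")
    if data[4] == 0xFF:
        raise ParserCrash("255x255 image overflows the fixed pixel buffer")

def fuzz(feedback: bool, budget: int = 200_000, seed: int = 1):
    """Return (executions, crashing_input), or (None, None) if the budget runs out."""
    rng = random.Random(seed)          # fixed seed keeps the run reproducible
    corpus, seen = [bytes(5)], set()
    for n in range(1, budget + 1):
        if feedback:
            # Mutate one byte of an input that previously reached new code.
            buf = bytearray(rng.choice(corpus))
            buf[rng.randrange(len(buf))] = rng.randrange(256)
        else:
            # Black-box: every input is generated from scratch.
            buf = bytearray(rng.randrange(256) for _ in range(5))
        cov = set()
        try:
            parse_image(bytes(buf), cov)
        except ParserCrash:
            return n, bytes(buf)
        if feedback and not cov <= seen:
            seen |= cov                # new branch reached: keep this input
            corpus.append(bytes(buf))
    return None, None

if __name__ == "__main__":
    print("feedback :", fuzz(feedback=True))
    print("black-box:", fuzz(feedback=False))
```

With the same execution budget, the feedback run reaches the crash by keeping each input that passes one more check, while the black-box run would have to guess all five bytes at once.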
Fuzzing is hard to integrate into existing development environments. Integration requires both fuzzing and domain knowledge. Existing tools are usually built by fuzzing experts for other fuzzing experts and are therefore hard to use. These limitations have encouraged us to create a solution for developers and experts alike.
First Introduction of Fuzzing
- Generation of random inputs
- Monitoring for crashes, failed built-in code assertions or memory leaks
- Takes very long to find complex or deeply hidden bugs in the program
AFL Introduced Modern Fuzzing
- Introduction of feedback-based fuzzing to academia
- Uses not only randomized inputs but also intelligent algorithms to generate inputs
- Increased code coverage significantly
Modern Fuzzing Superior in Bug Discovery
- With modern fuzzing, countless bugs and vulnerabilities have been discovered
- Google finds 80 % of its bugs with fuzzing alone: 16,000 in Google Chrome
- 11,000 bugs in 160 open source projects
CI Fuzz Platform
- Until today, fuzzing could only be used by experts
- CI Fuzz enables experts and developers alike to use fuzzing
- Unique combination of the latest breakthrough technologies