Fuzzing Web Applications
Automated security testing is one of the best ways to secure complex web applications.
Securing web applications is incredibly complex. You need to ensure the security of each individual service, and you also need to secure the complex interactions between them. Developers who want to secure their web services face a range of challenges.
Open web APIs and microservice architecture are constantly evolving, which implies an increased attack surface and thus a growing demand for security testing to keep up.
Read full article: Stateful REST API Fuzzing with RESTler
In web applications, certain bugs are particularly common. The OWASP organization regularly ranks the 10 most dangerous web vulnerabilities.
Read full article: 10 Most Common Vulnerabilities CI Fuzz Finds in Java Web Applications
Contrary to popular belief, memory-safe languages are not inherently safe. It's important to properly test your memory-safe applications.
Read full article: Memory-Safe Fuzzing: Why Fuzz Testing Can Do More Than C/C++
Open-source tools for automated security testing are sometimes difficult to integrate into an existing development environment. But enterprise solutions, like the CI Fuzz testing platform, can help developers to apply coverage-guided fuzz testing to their microservice environment.
Read full article: Fuzzing Microservices with CI Fuzz
Code Intelligence's new Java fuzzer enabled us to quickly find bugs and vulnerabilities in Java applications.
Code Intelligence substantially improved the security of our telemetry engine. Thanks to the native CI/CD integration, we will soon have visibility into all places where user input can wreak havoc. No more time-consuming manual audits.
Thanks to CI Fuzz, our security testing became significantly more effective. All our developers are now able to fix business-critical bugs early in the development process, without false positives.
I knew a custom fuzzer I wrote way back was not particularly good, but I was still surprised when CI's fuzzer turned up a bunch of bugs that mine never caught. I was impressed with how well versed the CI folk are in identifying properties to check, and how on point the reports were.
In this webinar, Simon Resch will demonstrate a novel approach that allows you to simplify and automate your web application testing using modern fuzzing techniques.
Our CTO Khaled Yakdan shows here how feedback-based fuzzing can be used to find vulnerabilities in the backend of your web application. You will also discover how to efficiently detect security vulnerabilities and bugs.
Simon Resch will explain an approach that helps you simplify and automate your web application testing by implementing modern fuzzing techniques.