Just recently, our open-source fuzzing engine Jazzer found an Expression DoS vulnerability in Spring (CVE-2023-20861). Now, three weeks later, Jazzer found another similar Expression DoS in the Spring framework, labeled CVE-2023-20863. This new finding has an even higher CVSS score of 7.5 (high), compared to the previous finding which came in at 5.3 (medium).

Security testing is increasingly viewed as an essential part of the software development lifecycle (SDLC). Traditionally, agile software development has focused on development velocity, rapid market feedback, and delivering high quality products and services. However, software that's vulnerable to cyber attacks is not valuable to end users and creates huge risks for both customers and software vendors. This makes it critical to integrate security testing into the software development process.

Fuzz testing is a popular testing approach used to find bugs in C/C++ and embedded software, particularly memory corruptions. It has proven effective for identifying obscure bugs that are difficult to find through other testing methods. This testing approach is increasingly being adopted by automotive companies to comply with new security standards, save time, mitigate costs, and improve software quality. Let's have a look at how fuzzing is helping all of these automotive companies.

Polaris Software Integrity Platform® – a SaaS application security testing solution delivering speed without compromise. Faster, faster, faster. The pressure is on to do business faster, to develop faster, and to secure all of this with faster and faster AppSec. Businesses want to release products, services, and apps to their customers on shorter and shorter release cycles.

Unit tests are indispensable to check and prove that our code functions properly. But in unit testing, we only test the scenarios that we are aware of. However, there are scenarios unknown to us that lead to security vulnerabilities or performance problems. To address these scenarios, you can add fuzz tests in order to effectively find security, reliability, and even logic bugs in your code.

Java is widely used for developing web applications and relies heavily on APIs (Application Programming Interfaces). Therefore, API testing is a critical practice, as it ensures seamless functionality, compatibility, security, and performance while facilitating integration and simplifying debugging.