A few weeks ago, we introduced Spark, an AI Test Agent that autonomously uncovers bugs in unknown code with just a single command. Watch the video to see how Spark generated 3 successful fuzz tests, identified a severe vulnerability, and achieved 79% code coverage with just one command. Spark has already identified several real-world vulnerabilities in open-source projects, even those that are continuously fuzzed.

Testing Classic AUTOSAR applications has long been a significant challenge due to the reliance on hardware-in-the-loop (HiL) setups, which are costly, complex, and hard to scale. In this free webinar, Khaled Yakdan explains how a Tier-1 automotive supplier implemented Code Intelligence’s AUTOSAR simulator and enabled Software-in-the-Loop testing. Dr. Khaled Yakdan, Chief Product Officer, of Code Intelligence, also explains how this approach helps catch more critical bugs that can be accessed externally, speeds up security testing, and reduces hardware dependency.

In previous videos, you've seen that LLM can generate fuzz tests. But what if AI fails to produce a working test or to cover specific workflows that are unavailable as unit tests or usage examples in the code base? You can prompt AI to make changes. Here is how the "Interactive mode" works in CI Fuzz.

After generating fuzz tests with LLMs, the next important step is verifying that these tests are of high quality and ensuring they run and work as intended. CI Fuzz can now automatically build the generated fuzz test, run it, and perform a health check to assess its quality and refine it further if it doesn't pass the health check. Watch the video to see it in action.

Creating high-quality fuzz tests is essential for efficient fuzz testing. However, crafting these tests is a time-consuming, manual process, which has become a major barrier to the widespread adoption of fuzz testing. Watch the video to see how CI Fuzz can automatically generate high-quality fuzz tests by leveraging LLMs and static analysis.

The first step to start fuzzing is to identify what part of the software you want to fuzz. You definitely want to fuzz the most critical functions/APIs—those that exercise a significant amount of code and trigger key functionalities. However, manually identifying these targets can be time-consuming and challenging. Watch the video to see how CI Fuzz can automatically prioritize functions for fuzzing.

If you want to automate your code analysis to identify the best fuzzing targets, you can do so with CI Fuzz. In the previous video, Khaled demonstrated how CI Fuzz automatically prioritized functions to test. But what if you already have unit or fuzz tests? CI Fuzz can analyze an LCOV coverage report and identify less-covered functions. These functions will now receive higher scores, highlighting them as top targets for new tests.

About this webinar: Join the webinar to learn and see an in-depth live demo on how you can leverage fuzz testing to detect out-of-bound memory access bugs and similar vulnerabilities in C and C++ projects.

The Crowdstrike incident is a recent example of out-of-bounds memory access in C/C++ causing a crash. CrowdStrike reported that problematic content in Channel File 291 triggered an out-of-bounds memory read, leading to a Windows operating system crash (BSOD). Another critical example with the exact root cause is the Heartbleed vulnerability, which affected the OpenSSL library. Remarkably, fuzz testing could identify this issue in less than 10 seconds. Watch the video to see fuzz testing in action.

Sergej Dechand, Code Intelligence's CEO, demonstrates how developers can submit new code, which is automatically tested and analyzed for security issues. Sergej explains the process of running tests, assessing findings, and integrating with ticketing systems. You'll also see how to measure code coverage and download reports. It includes all the mentioned use cases with simulating hardware and autogenerated fuzz test setup..