Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest Videos

Detecting Out-of-Bounds Memory Access, Which Caused The Crowdstike's Incident

The Crowdstrike incident is a recent example of out-of-bounds memory access in C/C++ causing a crash. CrowdStrike reported that problematic content in Channel File 291 triggered an out-of-bounds memory read, leading to a Windows operating system crash (BSOD). Another critical example with the exact root cause is the Heartbleed vulnerability, which affected the OpenSSL library. Remarkably, fuzz testing could identify this issue in less than 10 seconds. Watch the video to see fuzz testing in action.

Demo: Code Intelligence's Fuzz Testing Platform. C/C++ example.

Sergej Dechand, Code Intelligence's CEO, demonstrates how developers can submit new code, which is automatically tested and analyzed for security issues. Sergej explains the process of running tests, assessing findings, and integrating with ticketing systems. You'll also see how to measure code coverage and download reports. It includes all the mentioned use cases with simulating hardware and autogenerated fuzz test setup..

How Self-Learning AI Has Helped CARIAD Build An Automotive Software Powerhouse

CARIAD has been building one unified software platform for all Volkswagen brands to provide them with reliable software and digital best practices. In recent years, CARIAD and the rest of the automotive software sector faced extensive industry regulation and an array of dangerous and costly vulnerabilities. By introducing feedback-based fuzzing, an advanced white-box testing method that uses self-learning AI to uncover deeply hidden bugs and security vulnerabilities, CARIAD was able to find and fix potentially dangerous issues early in the development process.

Breaking the Barrier of Dynamic Testing CI Spark Live Demo

The manual effort required to set up dynamic testing methods such as feedback-based fuzzing, presents a major barrier to adoption to many dev teams. CI Spark obliterates this barrier by automating the most labor-intensive parts of AI-powered white-box testing, which is identifying relevant entry points (e.g., an API that handles user data) and developing tests that are tailored to their structure.

How we found a prototype pollution in protobufjs - CVE-2023-36665

In this webinar excerpt, our colleague Peter Samarin demonstrates how our prototype pollution bug detectors were able to uncover a highly severe CVE in the popular JavaScript library protobufjs. This finding puts affected applications at risk of remote code execution and denial of service attacks.

How we found a Prototype Pollution in protobuf.js

Our colleagues Peter Samarin, Norbert Schneider and Fabian Meumertzheim recently built a new bug detector enabling our JavaScript fuzzing engine Jazzer.js to identify Prototype Pollution. This work is now bearing its first fruits: As part of our ongoing collaboration with Google’s OSS-Fuzz, Jazzer.js recently uncovered a new Prototype Pollution vulnerability in protobuf.js (CVE-2023-36665). This finding puts affected applications at risk of remote code execution and denial of service attacks.