Uncovering Hidden Bugs and Vulnerabilities in C/C++ | How to Fuzz Your Code With 3 Commands
CI Fuzz CLI is an open-source solution that lets you run feedback-based fuzz tests from your command line. Every developer can use it to find bugs and vulnerabilities with three simple commands.
In this stream, I will:
1) Cover the current state of fuzz testing
2) Show how to set up CLI fuzzing with 3 commands
3) Show how to uncover multiple bugs and severe memory corruption vulnerabilities
All code examples and tools used are open-source.
If you have questions or need help setting up your fuzz test, please feel free to reach out via oss-security@code-intelligence.com.
Content:
00:00 Introduction
01:35 What is fuzz testing?
09:46 Sanitizers
12:18 What bugs can you find with fuzzing
14:39 Good targets for fuzz testing
15:30 Introduction to CI Fuzz CLI
20:45 How to uncover hidden bugs and vulnerabilities in C++
44:00 Recommendations
Sources:
CI Fuzz CLI
https://github.com/CodeIntelligenceTesting/cifuzz
What is Fuzz Testing?
https://www.code-intelligence.com/blog/fuzzing-101-the-basics
What Bugs Can You Find With Fuzzing?
https://www.code-intelligence.com/blog/what-bugs-can-you-find-with-fuzzing