AST

Effective Unit Testing for Java Applications: Common Challenges and Solutions | Code Intelligence

Dec 22, 2022 By Code Intelligence In Code Intelligence

In this video, I discuss the challenges of managing dependencies and libraries in Java software development projects and the importance of running unit tests. However, I also dig deeper into the limitations of unit tests and the importance of supplementing them with other forms of testing. In the second part of the video, I introduce fuzz testing as a complementary approach to unit testing and give an example of how I was able to replicate a Remote Code Execution CVE in HyperSQL within just a few minutes, using an open-source fuzz testing tool, called CI Fuzz CLI.

View Video

Code Intelligence

Read more about Effective Unit Testing for Java Applications: Common Challenges and Solutions | Code Intelligence

How to Find Bugs In Java at Scale With CI Fuzz CLI and JUnit | Code Intelligence

Dec 22, 2022 By Code Intelligence In Code Intelligence

In this video, I demonstrate how to use CI Fuzz CLI, a simple and easy-to-use fuzz testing tool, to find unexpected bugs and vulnerabilities in Java software. I walk through the process of setting up and running a fuzz test, including creating a configuration file, adding dependencies to a Maven project, and writing JUnit-compatible fuzz tests. If you're interested in learning more about fuzz testing as a complementary approach to unit testing, this video is for you.

View Video

Code Intelligence

Read more about How to Find Bugs In Java at Scale With CI Fuzz CLI and JUnit | Code Intelligence

My New Year's Resolution As A Java Dev | Code Intelligence

Dec 22, 2022 By Code Intelligence In Code Intelligence

Join me on a journey to improve Java development skills and learn about a new software testing approach called fuzz testing. In this series, I'll share my experiences using fuzz testing tools like CI Fuzz, OWASP Zap, OSS-Fuzz, and Jazzer to hunt for bugs and vulnerabilities in Java software. I'll also delve into the world of CVE hunting and best practices for uncovering common web vulnerabilities like Denial of Service and Remote Code Execution. Subscribe to stay updated on new episodes and get access to helpful links, tools, and blog posts. Let's improve our Java skills together!

View Video

Code Intelligence

Read more about My New Year's Resolution As A Java Dev | Code Intelligence

How to Maximize the Value from Your SAST Tool

Dec 20, 2022 By Sharon Kochevsky In Mend

It stands to reason that if you’ve implemented a Static Application Security Testing (SAST) tool, you’ll want to reap the full value of the investment. But to accurately assess ROI, you need metrics that can evaluate factors such as overall results, KPI compliance, and timeframe. Only then can you estimate whether you’re making a real improvement to the security of your code base, and from that, assess the monetary value of these results.

Read Post

Mend

Read more about How to Maximize the Value from Your SAST Tool

Going Beyond Unit Testing | How to Uncover Blind Spots in your Java Code with Fuzzing

Dec 16, 2022 By Code Intelligence In Code Intelligence

Check out fuzz.ci/cli to try out the tool for yourself! While most Java developers already use unit testing to test whether their application behaves as expected, complementary testing approaches such as fuzz testing enable them to also check their applications for unexpected or strange behaviors that could lead to crashes and make them vulnerable to Denial of Service (Dos) attacks or Zero-Day exploits.

View Video

Code Intelligence

Read more about Going Beyond Unit Testing | How to Uncover Blind Spots in your Java Code with Fuzzing

3 Reasons Why You Should Fuzz Your Christmas Tree

Dec 14, 2022 By Josh Grant In Code Intelligence

A recent study shows that software attacks cause Millions of Christmas trees to go dark each year (Claus, 2021). Since many people believe that trees cannot be hacked, they tend to find themselves in a false sense of security that too often leaves them exposed. In this article, I want to show you why fuzzing is the right method to protect your Christmas tree against malicious software attacks while turning it into a video game console.

Read Post

Code Intelligence

Read more about 3 Reasons Why You Should Fuzz Your Christmas Tree

Top 10 Cybersecurity Conferences of 2023

Dec 13, 2022 By Alexander Thiam In Code Intelligence

2023 is coming in hot. If you don't want to miss out on this year's best events, you better start planning your conference schedule early. To help you out, I created an overview of my personal top 10 favorite cybersecurity events in 2023 about application security, cloud security, IoT, and all the other topics that currently occupy the cybersecurity world.

Read Post

Code Intelligence

Read more about Top 10 Cybersecurity Conferences of 2023

How to fuzz your Java projects using CI Fuzz CLI in Maven

Dec 13, 2022 By Code Intelligence In Code Intelligence

With CI Fuzz CLI, Java developers can integrate fuzz tests into their unit testing setups (e.g. JUnit). In this video, Josh demos how easy this can be done in Maven.

View Video

Code Intelligence

Read more about How to fuzz your Java projects using CI Fuzz CLI in Maven

How to fuzz your Java projects using CI Fuzz CLI in Gradle

Dec 12, 2022 By Code Intelligence In Code Intelligence

With CI Fuzz CLI, Java, developers can integrate fuzz tests into their unit testing setups (e.g. JUnit). In this video, Josh demos how easy this can be done in Gradle.

View Video

Code Intelligence

Read more about How to fuzz your Java projects using CI Fuzz CLI in Gradle

How to Fuzz Java with CI Fuzz CLI

Dec 9, 2022 By Josh Grant In Code Intelligence

All software has bugs, and some can be difficult to find or reproduce. However, not all approaches to bug-finding need to be difficult to use! Fuzzing is an undeniably effective approach to finding security issues and bugs in software projects, however, tools can be complex to set up and execute. CI Fuzz CLI (open-source), automates the parts that make fuzzing complex, giving its users the look and feel of a unit test.

Read Post