Code Intelligence

  |  By Natalia Kazankova
Static code analysis is widely adopted among organizations for its ability to provide fast feedback loops and identify bugs early in development. However, despite its advantages, numerous bugs and vulnerabilities remain undetected and are only found when they've made their way into production or been caught by late-stage penetration testing. The best security practice involves leveraging both static and dynamic testing, such as fuzz testing.
  |  By Natalia Kazankova
As vehicles become increasingly reliant on software, secure and functional Hardware Security Modules (HSMs) are paramount. Unknown vulnerabilities in your automotive software can pose a significant threat to your products and business by putting you at risk of coding errors or insecure configurations, which can be exploited by malicious actors or lead to consequential failures.
  |  By Natalia Kazankova
In today's digital and interconnected era, the healthcare sector operates in a landscape of security risks. In 2023 alone, the number of vulnerabilities uncovered in medical devices jumped by 59% to 993 issues. Consequently, the U.S. Food and Drug Administration (FDA), the European Commission, and other governmental agencies have issued cybersecurity guidelines for medical devices. Many of these guidelines advocate for fuzz testing as a means of vulnerability detection.
  |  By Code Intelligence
New CI Sense Dashboard Calculates Code Coverage, Number of Findings, and Unit Test Equivalents In Real-Time.
  |  By Natalia Kazankova
While unit testing is crucial for improving code quality and reducing later testing time, it consumes at least 15% of developers' time. Developers can utilize automated fuzz tests to allocate more time for developing new features. They replace negative test cases, constituting around 30% of unit tests. In a recent analysis of a Java project using a fuzzing platform, a single fuzz test was equivalent to potentially 309 unit tests, achieving 74% code coverage within just 25 seconds.
  |  By Natalia Kazankova
Security testing allows you to evaluate the robustness of applications and systems and identify potential weaknesses that attackers may exploit. DAST and fuzzing are two popular, important, and proven security testing methods.
  |  By Natalia Kazankova
In the domain of software testing and security analysis, fuzzing has emerged as a powerful technique for uncovering vulnerabilities and enhancing the resilience of software systems. Microsoft and Google have been using fuzzing for ages. They were early adopters of fuzzing technologies to test their own systems. Since launching in 2016, Google's OSS-Fuzz, a free fuzzing platform for critical open-source projects, has helped fix over 8,800 vulnerabilities and 28,000 bugs across 850 projects.
  |  By Antonio Mimmo
In 2023, cyber threats increased and diversified, resulting in increased security challenges for organizations around the globe. Meanwhile, AI greatly increased its presence in the realm of cybersecurity, both negatively and positively. 2024 is going to be a year in which advanced AI tools and complex social engineering tactics will further alter the cybersecurity game. In this article, we will focus on the most important cybersecurity threats in 2024.
  |  By Sergej Dechand
Most modern vehicles are equipped with a variety of software systems and resemble sophisticated computers on wheels. The ISO/SAE 21434 standard is a framework that provides recommendations and requirements for secure software development in the automotive industry. But what is ISO 21434 exactly? And what can we expect from automotive software security in 2024? Read on and find out!
  |  By Josh Grant
In 2023, cyberthreats increased and diversified, resulting in increased security challenges for organizations around the globe. Meanwhile, AI greatly increased its presence in the realm of cybersecurity. It’s time to look ahead and focus on the anticipated cybersecurity threats and trends in 2024. What can we expect from threat actors and security specialists in the upcoming year? Read on and find out!
  |  By Code Intelligence
Sergej Dechand, Code Intelligence's CEO, demonstrates how developers can submit new code, which is automatically tested and analyzed for security issues. Sergej explains the process of running tests, assessing findings, and integrating with ticketing systems. You'll also see how to measure code coverage and download reports. It includes all the mentioned use cases with simulating hardware and autogenerated fuzz test setup..
  |  By Code Intelligence
CARIAD has been building one unified software platform for all Volkswagen brands to provide them with reliable software and digital best practices. In recent years, CARIAD and the rest of the automotive software sector faced extensive industry regulation and an array of dangerous and costly vulnerabilities. By introducing feedback-based fuzzing, an advanced white-box testing method that uses self-learning AI to uncover deeply hidden bugs and security vulnerabilities, CARIAD was able to find and fix potentially dangerous issues early in the development process.
  |  By Code Intelligence
The manual effort required to set up dynamic testing methods such as feedback-based fuzzing, presents a major barrier to adoption to many dev teams. CI Spark obliterates this barrier by automating the most labor-intensive parts of AI-powered white-box testing, which is identifying relevant entry points (e.g., an API that handles user data) and developing tests that are tailored to their structure.
  |  By Code Intelligence
In today's fast-paced software environment, third-party code has become irreplaceable. With 96% of codebases containing open-source dependencies, the image is clear: open-source is ubiquitous in the development landscape.
  |  By Code Intelligence
In this webinar excerpt, our colleague Peter Samarin demonstrates how our prototype pollution bug detectors were able to uncover a highly severe CVE in the popular JavaScript library protobufjs. This finding puts affected applications at risk of remote code execution and denial of service attacks.
  |  By Code Intelligence
Our colleagues Peter Samarin, Norbert Schneider and Fabian Meumertzheim recently built a new bug detector enabling our JavaScript fuzzing engine Jazzer.js to identify Prototype Pollution. This work is now bearing its first fruits: As part of our ongoing collaboration with Google’s OSS-Fuzz, Jazzer.js recently uncovered a new Prototype Pollution vulnerability in protobuf.js (CVE-2023-36665). This finding puts affected applications at risk of remote code execution and denial of service attacks.
  |  By Code Intelligence
Learn how AI.powered white-box testing leverages the internal design of the software under test to bugs and vulnerabilities that are off-limits to traditional testing methods.
  |  By Code Intelligence
Join us for a weekly chat about all things fuzzing, live demos, Q&A's, and more.
  |  By Code Intelligence
Building secure and reliable APIs is an essential and challenging endeavor. Traditional API testing approaches perform blackbox testing and test the application through the network. This is both slow and lacks deep insights into how the tested application handles API requests. Also, it happens late in the software development lifecycle as it requires a complete application deployment.
  |  By Code Intelligence
Join us for a weekly chat about all things fuzzing, live demos, Q&A's, and more.

Code Intelligence leverages the best of static and dynamic application security technologies, including advanced fuzz testing, to achieve maximum code coverage without false-positives.

Code Intelligence enables companies to simplify their software testing processes. Our solution - the CI Security Suite - enhances security testing efficiency for experts and enables developers without IT security expertise to perform continuous automated security and reliability tests. In this way, the development process can be accelerated and continuous quality management can be realized.

Secure Your Code With Each Pull Request:

  • Choose Your Tech Stack: Code Intelligence can be integrated into all your favorite build systems, IDEs, ticket systems, issue trackers, and CI/CD tools.
  • Set Up Fuzz Tests in Minutes: Through automated instrumentation and endpoint detection, Code intelligence makes fuzzing as simple as writing Unit Tests. No need to write fuzz targets or test harnesses.
  • Scan Applications Continuously: Our platform features runtime error detection, advanced REST and gRPC API tests, and reliable OWASP vulnerability detectors. You can configure Code Intelligence to run security tests every night, or at each pull request.
  • Reproduce Your Findings: Our easy-to-use GitHub integration and debugging features enable you to reproduce all findings without false-positives. Each error message comes with detailed input data, stack trace, and log documentation which can be easily shared with the team.
  • Prioritize Security Issues: Our user-friendly dashboard classifies bug reports and vulnerabilities based on severity, so you have everything you need to come up with a well-informed decision on how to proceed with a finding. Manage findings directly within in your IDE or feed them straight into your favorite ticketing systems, and issue trackers.

Find, Triage, and Fix Security Issues at Scale .