Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

My New Year's Resolution As A Java Dev | Code Intelligence

Dec 22, 2022 By Code Intelligence In Code Intelligence
Join me on a journey to improve Java development skills and learn about a new software testing approach called fuzz testing. In this series, I'll share my experiences using fuzz testing tools like CI Fuzz, OWASP Zap, OSS-Fuzz, and Jazzer to hunt for bugs and vulnerabilities in Java software. I'll also delve into the world of CVE hunting and best practices for uncovering common web vulnerabilities like Denial of Service and Remote Code Execution. Subscribe to stay updated on new episodes and get access to helpful links, tools, and blog posts. Let's improve our Java skills together!
View Video

Effective Unit Testing for Java Applications: Common Challenges and Solutions | Code Intelligence

Dec 22, 2022 By Code Intelligence In Code Intelligence
In this video, I discuss the challenges of managing dependencies and libraries in Java software development projects and the importance of running unit tests. However, I also dig deeper into the limitations of unit tests and the importance of supplementing them with other forms of testing. In the second part of the video, I introduce fuzz testing as a complementary approach to unit testing and give an example of how I was able to replicate a Remote Code Execution CVE in HyperSQL within just a few minutes, using an open-source fuzz testing tool, called CI Fuzz CLI.
View Video

How to Find Bugs In Java at Scale With CI Fuzz CLI and JUnit | Code Intelligence

Dec 22, 2022 By Code Intelligence In Code Intelligence
In this video, I demonstrate how to use CI Fuzz CLI, a simple and easy-to-use fuzz testing tool, to find unexpected bugs and vulnerabilities in Java software. I walk through the process of setting up and running a fuzz test, including creating a configuration file, adding dependencies to a Maven project, and writing JUnit-compatible fuzz tests. If you're interested in learning more about fuzz testing as a complementary approach to unit testing, this video is for you.
View Video

Going Beyond Unit Testing | How to Uncover Blind Spots in your Java Code with Fuzzing

Dec 16, 2022 By Code Intelligence In Code Intelligence
Check out fuzz.ci/cli to try out the tool for yourself! While most Java developers already use unit testing to test whether their application behaves as expected, complementary testing approaches such as fuzz testing enable them to also check their applications for unexpected or strange behaviors that could lead to crashes and make them vulnerable to Denial of Service (Dos) attacks or Zero-Day exploits.
View Video
Snyk

Unsafe deserialization vulnerability in SnakeYaml (CVE-2022-1471)

Dec 13, 2022 By Brian Vermeer In Snyk

SnakeYaml is a well-known YAML 1.1 parser and emitter for Java. Recently, a vulnerability — CVE-2022-1471 — was reported for this package. This vulnerability can lead to arbitrary code execution. The org.yaml:snakeyaml package is widely used in the Java ecosystem, in part because it is packaged by default with Spring Boot in the spring-boot-starter.

Read Post
code intelligence

How to Fuzz Java with CI Fuzz CLI

Dec 9, 2022 By Josh Grant In Code Intelligence

All software has bugs, and some can be difficult to find or reproduce. However, not all approaches to bug-finding need to be difficult to use! Fuzzing is an undeniably effective approach to finding security issues and bugs in software projects, however, tools can be complex to set up and execute. CI Fuzz CLI (open-source), automates the parts that make fuzzing complex, giving its users the look and feel of a unit test.

Read Post
code intelligence

Build Secure Java Applications with Fuzz Testing

Nov 29, 2022 By Markus Zoppelt In Code Intelligence

Today, I want to show you a way how to increase the integrity and functionality of your Java applications, with fuzz testing. This awesome testing approach has done me great service for building more secure Java applications, and it's basically as simple as unit testing. In this article, I will share how you can apply fuzz testing to your own code. And the best part: all code examples and tools I will use are 100% open-source.

Read Post

Fuzzing Java Applications With CI Fuzz | Gradle

Nov 29, 2022 By Code Intelligence In Code Intelligence
In this tutorial, I will show you how to set up and run a fuzz test on a Java application, with the CI Fuzz CLI using the Gradle integration. The CI Fuzz CLI is an easy-to-use fuzzing tool, that enables you to integrate and run fuzz tests directly from your command line. I chose this tool for this tutorial, on how to set up a fuzz test, as it is particularly user-friendly, and as it allows developers to set up and run a fuzz test with only three commands.
View Video

Copyright © 2026 OpsMatters™. All rights reserved.