-
Code Intelligence offers automated testing solutions such as CI Fuzz, an open-source command-line tool designed to create fuzz tests and automate the fuzz testing process. It can be integrated into Continuous Integration (CI) pipelines, making it easier to run and manage the testing process. For example, it can help developers ship secure software by providing the necessary integrations to test their code at each pull request. CI Fuzz supports a wide range of programming languages, including C, C++, JavaScript, Java, Kotlin, and other JVM-based languages.
-
In the sample Java project, we have existing fuzz tests (you can check the tests under this folder), and a GitHub Action is already set up. The only thing you need to set for the GitHub workflow file is an action secret called CI_FUZZ_API_TOKEN with your API token. You can generate it in your Account settings on the Tokens tab.
-
Input Generation: The tester uses a fuzzing tool such as CI Fuzz or Jazzer to generate random or unexpected inputs to the software application.
-
java-demo
A simple Java project that showcases two vulnerabilities, a SQL injection and an RCE, which, although simplified, were inspired by two real-world CVEs.
Now you can try to find your first bug in your project. We are going to use a simple, ready-made Java project that already has two vulnerabilities: a SQL injection and an RCE.