The automated testing company, Code Intelligence, today announced that its open-source Command-Line Interface tool, CI Fuzz CLI, now enables Java developers to include fuzz testing in their current JUnit setup. With this, Java developers can locate functional bugs as well as security vulnerabilities at scale.
According to the company, CI Fuzz CLI leverages genetic and evolutionary algorithms along with automated instrumentation in order to generate multiple unusual inputs to test applications for unplanned behaviors that can result in a crash, Denial of Service, or Zero-Day exploits.
“With the CI Fuzz CLI, Java developers can now improve the overall security and robustness of their applications with confidence and ease. It takes just three commands to set up and run a fuzz test. The tool comes with ready-to-use integrations for Maven, Gradle and Bazel. With a JUnit setup in place, developers can even run fuzz tests directly from their IDE,” said Werner Krahe, product director at Code Intelligence. “If you’re completely new to fuzzing, I recommend starting with a simple test setup. Use your pre-existing unit tests as a template to run local fuzz tests on small libraries and utils. After a while, you could take it further and apply it to more complex testing setups. Ultimately, fuzz testing will provide the best results when running continuously in your CI/CD.”
The new open-source tool is intended to tackle the current challenges that come with fuzz testing, such as a lack of understanding and challenges with implementation, by making fuzz testing accessible for developers directly from their command line or IDE.
Additionally, CI Fuzz CLI offers users continuous application security testing directly in the CI/CD process by introducing new fuzzing capabilities for Java.
“Code Intelligence helps developers ship secure software by providing the necessary integrations to test their code at each pull request, without ever having to leave their favorite environment. It’s like having an automated security expert always by your side,” said Thomas Dohmke, CEO of GitHub.