Our great sponsors
-
Code Intelligence offers automated testing solutions such as CI Fuzz is an open-source command line tool designed to create fuzz tests and automate the fuzz testing process. It can be integrated into Continuous Integration (CI) pipelines, making it easier to run and manage the testing process. For example, it can help developers ship secure software by providing the necessary integrations to test their code at each pull request. CI Fuzz supports a wide range of programming languages, including C, C++, JavaScript, Java, Kotlin, and other JVM-based languages.
-
In the sample Java project, we have existing fuzz tests (You can check the test under this folder) and it has GitHub action is set up. Only thing you need us to set into a GitHub Workflow file is an action secret called CI_FUZZ_API_TOKEN with your API token. You can generate it under your Account setting on the Tokens tab.
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
-
Input Generation: The tester uses a fuzzing tool such as CI Fuzz or Jazzer to generate random or unexpected inputs to the software application.
-
java-demo
Simple Java project showcases two vulnerabilities - a SQL injection and a RCE that although simplified were inspired from two real-word CVEs
Now you can try to find your first bug in your project. We are going to use a simple ready java project that has two already vulnerabilities - a SQL injection and an RCE.