-
Code Intelligence offers automated testing solutions such as CI Fuzz, an open-source command line tool designed to create fuzz tests and automate the fuzz testing process. It can be integrated into Continuous Integration (CI) pipelines, making it easier to run and manage the testing process. For example, it can help developers ship secure software by providing the necessary integrations to test their code at each pull request. CI Fuzz supports a wide range of programming languages, including C, C++, JavaScript, Java, Kotlin, and other JVM-based languages.
-
In the sample Java project, we have existing fuzz tests (you can check the tests under this folder) and a GitHub Action is already set up. The only thing you need to set for the GitHub workflow file is an action secret called CI_FUZZ_API_TOKEN with your API token. You can generate it under your Account settings on the Tokens tab.
-
Input Generation: The tester uses a fuzzing tool such as CI Fuzz or Jazzer to generate random or unexpected inputs to the software application.
-
java-demo
A simple Java project that showcases two vulnerabilities, a SQL injection and an RCE, which, although simplified, were inspired by two real-world CVEs.
Now you can try to find your first bug in your project. We are going to use a simple, ready-made Java project that already has two vulnerabilities: a SQL injection and an RCE.