CI-Fuzz-Playground

Welcome to the CI-Fuzz Playground! This project has been created by Code Intelligence to allow you to learn and explore fuzzing for various use cases and technologies.

What is fuzzing (in a nutshell)?

Fuzzing is a dynamic code analysis technique that supplies pseudo-random inputs to a software-under-test (SUT), derives new inputs from the behaviour of the program (i.e. how inputs are processed), and monitors the SUT for bugs.

How does this playground work?

1. Take a look at the fuzzing playground on app.code-intelligence.com, look at the findings and the projects that trigger them. We have examples for C/C+ (API and network socket), Java (API and Web) and Go (API).

2. Request early access to dive into this Playground to understand the code that causes the findings and the fuzz tests that are used to catch them.

3. Check out our resources and further reading to understand more about fuzzing or to take the next steps and fuzz your code – either with Jazzer or with a full-blown CI Fuzz version.

Use Cases:

• C and C++

  • API Fuzzing (Plain, Chain, Mocking)
  • Network Socket Fuzzing (Plain, Chain)

• Java

  • API Fuzzing (Plain, Chain)
  • Web App Fuzzing (REST, Web)
  • gRPC

• Go

  • Go Fuzzing (Plain)

Other Resources:

Code Intelligence Knowledge Base