Security News > 2022 > December > CI Fuzz CLI: Open-source tool to test Java apps for unexpected behaviors
CI Fuzz CLI, the open-source Command-Line Interface tool from Code Intelligence, now allows Java developers to easily incorporate fuzz testing into their existing JUnit setup to find functional bugs and security vulnerabilities at scale.
CI Fuzz CLI, available on GitHub, leverages genetic and evolutionary algorithms and automated instrumentation to dynamically generate millions of unusual inputs to test Java applications for unexpected behaviors that may lead to crashes, DoS or zero-day exploits.
Fuzz testing, which can be seen as a complementary approach to unit testing, is gaining popularity in the open-source community.
Code Intelligence's new open-source tool aims to tackle these challenges by making fuzz testing accessible and usable for all developers directly from their command line or IDE. By introducing new fuzzing capabilities for Java, CI Fuzz CLI enables continuous application security testing directly in the CI/CD process.
"With the CI Fuzz CLI, Java developers can now improve the overall security and robustness of their applications with confidence and ease. It takes just three commands to set up and run a fuzz test. The tool comes with ready-to-use integrations for Maven, Gradle and Bazel. With a JUnit setup in place, developers can even run fuzz tests directly from their IDE," said Werner Krahe, Product Director at Code Intelligence.
"If you're completely new to fuzzing, I recommend starting with a simple test setup. Use your pre-existing unit tests as a template to run local fuzz tests on small libraries and utils. After a while, you could take it further and apply it to more complex testing setups. Ultimately, fuzz testing will provide the best results when running continuously in your CI/CD," Krahe concluded.