Menu

CI Fuzz 2.13: Improvements for Java Fuzzing and UI/UX (Release Note)

published 2020-05-08, written by Jonathan Reimer

Our latest release comes with several new features for Java fuzzing and great improvements for the user experience. Among the improvements for java fuzzing are several bug detectors (suspicious IO activities, information leaks). Besides this our auto configuration now supports the Java Spring framework. Furthermore the user interface has gotten a more modern touch and now backs the developer by defining a fitting build and run environment for their code using Docker images.

CI Fuzz Version 2.13 (released May 08, 2020)

Java Fuzzing

  • Suspicious IO activities: Improvement in bug detection for suspicious IO activity including IO operations that attempt to write outside the project scope, or ones that use relative paths that could be dangerous. For example, an execution that attempts to write in a path such as “../../../foobar” could be used as an attack vector to write executable data on the host.
  • Information Leaks: Improvement in bug detection for information leaks. For example, leaking information about the organization back end, used technologies, or sensitive data through misconfigured error messages and server responses.
  • Auto configuration for Spring framework: Controller and parameter detection and fuzzing autoconfig for Spring.

User Interface

  • Create and configure projects with Docker: The new UI allows users to define a suitable build and run environments for their project through the use of Docker images. CI Fuzz will take care of building and running the project within the defined environments. This is aimed to solve issues where the user machine can not provide the necessary dependencies to build and run the project being tested (e.g due to network restriction or OS compatibility).
  • Design upgrade: Redesign elements in the UI with a more modern view and support different color themes.
  • Various Bug fixes and UI enhancements.

 

If you are curious about the latest change, we recommend that you  join our next webinar “The Path to Secure Java Microservices” on May 26. Our engineer Christian Hartlage will talk about the security challenges of the Java Spring Boot framework and how to solve them efficiently during the development process with CI Fuzz 2.13.

Free Webinar

 

What do you think about the latest features? Drop us a comment!