At Code Intelligence, we have already fixed thousands of bugs with our fuzzing engine for the JVM. Now we want to make its core available to the community.
We are happy to announce the open-source launch of Jazzer.
Update: Google integrated Jazzer into OSS-Fuzz. Now open-source projects can use Google's infrastructure and computing power to secure their Java libraries. Read the full release note in the Google Security Blog.
With Jazzer, developers can increase their test coverage to find edge cases, avoiding software bugs more effectively. No changes to the source code or build system are required. Many of its proven fuzzing techniques, such as mutation strategies, error detection, and feedback from the program at run time, are based on libFuzzer. Jazzer supports finding various error types in JVM code. We also target programming language mixing (native libraries via JNI), which often leads to memory corruption bugs in the Java-to-C/C++ glue code. In this blog post, you can find more details about engineering Jazzer.
Our Enterprise Edition focuses on solving enterprise problems and on integrations relevant to working in development teams. Features such as reporting, CI/CD and dev tool integration, WebAPI fuzzing, and OWASP vulnerability detection enable highly productive work in the development process (DevSecOps). If you have been eager to get hands-on experience with fuzz testing, look at our GitHub repository. There you will find a step-by-step guide on how to get your first findings with Jazzer within minutes.
“With the open-source release of Jazzer, we want to contribute to helping even more developers to write better software.”
Sergej Dechand, CEO of Code Intelligence