Various features like reporting, CI/CD and dev tool integration, WebAPI fuzzing, OWASP vulnerability detection enable highly productive work in the development process (DevSecOps). Our Enterprise Edition focuses on solving enterprise problems and integrations relevant to working in development teams. In this blog post, you can find more details about engineering Jazzer. We also target programming language mixing (native libraries via JNI), often leading to memory corruption bugs in the Java to C/C++ glue code. Jazzer supports finding various error types in the JVM code. Many proven fuzzing techniques, such as mutation strategies, error detection, or feedback from the program during run-time, are based on libFuzzer. No changes to the source code or build system are required. With Jazzer, developers can increase their test coverage to find edge cases, avoiding software bugs more effectively. Read the whole article in the Google Security Blog. Open-source projects can use Google's infrastructure to secure their Java libraries. Update: Google implemented Jazzer into OSS-Fuzz. We are happy to announce the open-source launch of Jazzer. Now we want to make its core available to the community. At Code Intelligence we already fixed thousands of bugs with our fuzzing engine for the Java virtual machine.
0 Comments
Leave a Reply. |