New CLI Tool Allows Java Devs to Add 'Fuzzing' to JUnit

Code Intelligence, a provider of automated testing tools, says its new open-source command-line interface (CLI) tool, CI Fuzz CLI, allows Java developers to incorporate fuzz testing into their existing JUnit setups. Java developers can now use the tool to find functional bugs and security vulnerabilities at scale, the company says.

Fuzz testing or "fuzzing" is an automated software testing method that injects invalid, malformed, or unexpected inputs into a system to uncover software defects and vulnerabilities. A fuzzing tool like CI Fuzz CLI injects these unexpected inputs into the system and then monitors for reactions that indicate security, performance, or quality issues. It can be seen as a complementary approach to unit testing, which involves testing the smallest testable unit of an application.

CI Fuzz CLI was designed to address the obstacles that currently keep teams from fuzz testing, the company says, such as a lack of understanding and the difficulty of implementation, by making fuzz testing accessible to developers directly from their command line or IDE.

CI Fuzz CLI leverages genetic and evolutionary algorithms, as well as automated instrumentation, to dynamically generate millions of unusual inputs and test applications for unexpected behaviors that could lead to crashes, denial of service, or zero-day exploits.

By introducing new fuzzing capabilities for Java, CI Fuzz CLI enables continuous application security testing directly in the CI/CD process. "This is especially valuable to companies with cloud-based products and services who want to develop a mature DevSecOps pipeline," the company says.

"If you're completely new to fuzzing, I recommend starting with a simple test setup," Werner Krahe, product director at Code Intelligence, explained. "Use your pre-existing unit tests as a template to run local fuzz tests on small libraries and utils. After a while, you could take it further and apply it to more complex testing setups. Ultimately, fuzz testing will provide the best results when running continuously in your CI/CD."

CI Fuzz CLI comes with ready-to-use integrations for Maven, Gradle, and Bazel, Krahe added, and with a JUnit setup in place, developers can even run fuzz tests directly from their IDEs.
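Krahe's advice to start from an existing unit test, shown as an added example that is not code from the article or from Code Intelligence: a plain JUnit 5 test and the fuzz test derived from it, exercising a small version-string parser constructed for this illustration. It assumes the Jazzer JUnit 5 integration (`@FuzzTest`, `FuzzedDataProvider`), taken here to be the engine behind CI Fuzz CLI's Java support.

```java
import static org.junit.jupiter.api.Assertions.assertArrayEquals;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertThrows;
import com.code_intelligence.jazzer.api.FuzzedDataProvider;
import com.code_intelligence.jazzer.junit.FuzzTest;
import org.junit.jupiter.api.Test;

// Hypothetical utility under test, constructed for this example: parses "major.minor".
final class VersionParser {
    static int[] parse(String s) {
        String[] parts = s.split("\\.", -1);
        if (parts.length != 2) {
            throw new IllegalArgumentException("expected major.minor: " + s);
        }
        // Integer.parseInt also accepts "+1", "-0" and leading zeros such as "01";
        // the fixed unit test below never notices, the fuzz test's round-trip check does.
        int major = Integer.parseInt(parts[0]);
        int minor = Integer.parseInt(parts[1]);
        if (major < 0 || minor < 0) {
            throw new IllegalArgumentException("negative component: " + s);
        }
        return new int[] {major, minor};
    }
}

class VersionParserTest {
    // Ordinary JUnit 5 unit test: fixed inputs, fixed expectations.
    @Test
    void parsesWellFormedVersion() {
        assertArrayEquals(new int[] {1, 12}, VersionParser.parse("1.12"));
        assertThrows(IllegalArgumentException.class, () -> VersionParser.parse("1.2.3"));
    }

    // The same test turned into a fuzz test: the fuzzer supplies the input,
    // and the test states invariants instead of fixed values.
    @FuzzTest
    void parseAcceptsOnlyCanonicalInput(FuzzedDataProvider data) {
        String input = data.consumeRemainingAsString();
        int[] v;
        try {
            v = VersionParser.parse(input);
        } catch (IllegalArgumentException rejected) {
            return; // documented rejection (NumberFormatException is a subclass, so it counts too)
        }
        // Any other exception propagates and the fuzzer reports it as a finding.
        // Round trip: an accepted string must equal the canonical rendering of what was parsed.
        assertEquals(input, v[0] + "." + v[1]);
    }
}
```

Replacing fixed expectations with a round-trip invariant is what lets the fuzzer surface accepted-but-non-canonical inputs such as "01.2" or "+1.2", which the fixed unit test never exercises.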

The venerable JUnit is an open-source, Java-based, unit-testing framework developed by Parasoft. It's used to write and run repeatable automated tests, and it's considered one of the leading tools for regression testing, a type of software testing that checks to see if recent changes made to code have adversely affected previously written code.

Founded in 2018 by Sergej Dechand, Khaled Yakdan, and Matthew Smith, Code Intelligence provides an automated software security platform designed to help developers ship more secure code.

About the Author

John K. Waters is the editor in chief of a number of Converge360.com sites, with a focus on high-end development, AI and future tech. He's been writing about cutting-edge technologies and the culture of Silicon Valley for more than two decades, and he's written more than a dozen books. He also co-scripted the documentary film Silicon Valley: A 100 Year Renaissance, which aired on PBS. He can be reached at [email protected].