Code Intelligence

Writing secure and stable software shouldn't be hard.

2024-01-11

How do Cybersecurity Assurance Levels work in ISO 21434? 🚗

Like other automotive standards, ISO 21434 recommends using CALs to determine the rigor of testing activities. Our latest blog post sheds some light on how CALs can be used to build robust software in compliance with ISO 21434.

Topics include:
➡ How CALs work
➡ The difference between CALs and risk values
➡ The role of fuzz testing within CALs

Dive in: code-intelligence.com/blog/iso

The role of cybersecurity assurance levels in ISO 21434
2023-10-10

The waiting list for early access to CI Spark is now open ✨

Be among the first to break down the barriers in dynamic white-box testing with our LLM-powered AI assistant.

Enroll for early access: code-intelligence.com/live-dem

#AppSec #AI #SoftwareTesting #llm

2023-09-28

Happening now! 🚨

Don't miss out on our live demo, where Code Intelligence co-founder Khaled Yakdan
will show you how to break the barrier of dynamic testing through detecting and autoconfiguring entry points with CI Spark.

Sign Up Here: code-intelligence.com/live-dem

2023-09-21

Join us for a live demo of CI Spark next week: code-intelligence.com/live-dem

2023-09-20

Meet CI Spark ✨
Our new #LLM-powered AI assistant for detecting and autoconfiguring entry points.

Initial results show an acceleration of 1500%, reducing the workload for onboarding new projects from several days to under three hours!

More in our blog: code-intelligence.com/blog/ci-

2023-08-21

Third-party code has become irreplaceable.
However, it comes with great risk 🔴

Join us live as @metzmanj from @GoogleOSS discusses how our collaboration enabled them to uncover severe security issues in popular open-source libraries.
#Java #javascript

code-intelligence.com/webinar/

2023-08-17

We found a prototype pollution vulnerability in tree-kit: CVE-2023-38894 🚨

More info in our blog: code-intelligence.com/blog/tre

#treekit #prototypepollution #javascript #npmjs

2023-07-27

How we found a Prototype Pollution in protobuf.js - Live Demo 🚨

Our team has recently found a prototype pollution vulnerability in protobuf.js (CVE-2023-36665).

With a high CVSS Score of 9.8, this vulnerability would have put affected applications at risk of remote code execution and denial of service attacks.

Our colleague Peter Samarin wrote the bug detector behind it all, and will be giving a live demo of how this CVE was found.

Thursday, August 10th at 4:00 PM CEST / 10:00 AM EDT

Sign up and reserve your spot today. ⏰

code-intelligence.com/webinar/

#javascript #cve #cybersecurity

2023-07-11

We found a prototype pollution vulnerability in protobufjs: CVE-2023-36665 🚨
Snyk CVSS Score: 8.6 (high)

Affected applications are at risk of remote code execution and denial of service attacks. The vulnerability was found by our open-source JavaScript fuzzer Jazzer.js, running in Google's OSS-Fuzz.

Mitigation:
Versions from 6.10.0 to 7.2.4 are affected and hence vulnerable to prototype pollution. The maintainer issued an update that fixed this vulnerability on April 18, 2023. We strongly recommend that impacted users upgrade to newer versions that include the fixes, i.e., version 7.2.4 and above.

Hats off to our colleague Peter for writing the bug detector and disclosing the vulnerability to the project maintainer 🙌

More info in our blog: code-intelligence.com/blog/cve

#javascript #jazzerjs #cve #opensource #protobufjs

2023-07-05

AI is fundamentally transforming the SDLC 🔄

We published a new whitepaper taking an in-depth look at how self-learning AI will reshape the SDLC and the way we write, test and deploy code.

Get your copy at code-intelligence.com/ai

#softwaredevelopment #Softwareengineering #ai

The future of productive development (whitepaper)
2023-06-29

Join us today at 4:00 PM CEST / 10:00 AM EDT!

Come meet Code Intelligence CTO Niklas Henrich live and join a discussion on how your unit tests can be enhanced with self-learning AI to reveal bugs and security vulnerabilities that would otherwise go unnoticed.

Stay tuned to the end for interactive questions and a live Q&A.

code-intelligence.com/webinar/

#unittests #springboot #apitest

2023-06-15

The Future of Productive Software Development: Self-Learning AI for a Secure Tomorrow

Last week, our CEO Sergej Dechand led viewers through a live discussion of the transformative power of self-learning AI in software development.

We would like to thank all of our viewers for the great questions and discussions at the end!

Missed our live event? Don't worry, you can watch it anytime on demand.

Check out the recording to learn about
- the trajectory of current trends
- leveraging self-learning AI to build secure software
- the role of AI across the different stages of the SDLC

Learn more here:
code-intelligence.com/webinar/

2023-04-17

Jazzer just found another Expression DoS vulnerability in Spring (CVE-2023-20863)

CVSS score: 7.5 🚨

As part of Google's OSS-Fuzz, Jazzer recently found CVE-2023-20861 within Spring. Now, 3 weeks later, it yielded another, more severe Expression DoS.

More info in our blog: code-intelligence.com/blog/exp

2023-04-04

To those who missed it, this was our special feature for April Fool's day:

2023-04-01

New Feature: Catch 'em all with CI Instant Fix! 🆕

Try it out in 4 easy steps:
1️⃣ Log in to the CI App: app.code-intelligence.com (requires GitHub sign-in)

2️⃣ Click on the application you want to instantly fix

3️⃣ Click on CI Instant Fix

4️⃣ Catch 'em all!

#Fuzzing #Security #AprilFoolsDay

2023-02-17

Jazzer.js now integrates with Jest 🥳

JavaScript developers can now test their applications for both functional and security issues at the same time.

The Jazzer.js fuzzing engine helps to find critical security vulnerabilities by generating invalid or unexpected inputs.

This is now possible using the familiar syntax of unit testing in Jest.

More on this in our blog: code-intelligence.com/blog/fuz

@joshin4colours will also host a coding session next week to demo this integration: linkedin.com/video/event/urn:l

Let us know which other frameworks you would like to see Jazzer.js support for!

Code Intelligence boosted:
2023-01-30

FuzzingWeekly CW4:

Critical RCE Vulnerabilities Found in git (CVE-2022-4190, CVE-2022-23251) ➡️
helpnetsecurity.com/2023/01/19

Fuzzing the Shield: CVE-2022-24548 ➡️
medium.com/s2wblog/fuzzing-the

A Framework for Blackbox Fuzzing Using Context-Free Grammars ➡️
shorturl.at/hNOSY

2023-01-24

@joshin4colours explained fuzz testing without using any code:
youtu.be/cC9HtSDBRNk

2023-01-23

RT @CyresConsulting@twitter.com

Last night was a successful kick-off for the 2023 Automotive Cybersecurity Afterwork - Munich Meetup Event Series 🙌 There were drinks, snacks, views and a live #fuzztesting demonstration.

🐦🔗: twitter.com/CyresConsulting/st

2023-01-19

Join our latest livestream with fuzzing expert @joshin4colours@twitter.com, where he will demonstrate how automated fuzz testing can quickly and simply identify the Log4j vulnerability in under 10 minutes.

February 9th, 2023 at 4PM CET

code-intelligence.com/webinar/

#java #fuzzing #unittesting
