FuzzSlice Logo

Cut Through the Noise! Target Actionable Vulnerabilities

FuzzSlice tackles the problem of high false positives in static analysis with slice-level fuzzing, letting developers focus on real issues. It efficiently vets new code commits, enhancing the review process. Harness years of Software Engineering and Security Research with FuzzSlice. Embrace efficient fuzzing with our hosted and on-premises solutions!

Research PaperOpenSource Version

Connect with us! AniruddhanNoble

Overview

Overview

FuzzSlice provides quick insights into potentially vulnerable locations. FuzzSlice creates code slices centered around user-specified locations and subsequently fuzzes these small code slices. Automatic testing techniques can easily reach the location since the code slice is small.

Use Cases

Two types of potentially vulnerable locations that FuzzSlice can effectively test include:

  • Reducing false positives in Static analysis warnings. Static analysis tools suffer from high rate of false positives, which can overwhelm developers and reduce the efficiency of the debugging process. FuzzSlice reduces the number of false positives by 62.26%, ensuring that only genuine issues are flagged in under 5 minutes per warning according to our research.
  • Securing code reviews. FuzzSlice can enhance the code review process by fuzzing slices of code that needs to be merged. It can significantly improve the code review process by exposing bugs in new commits that can lead to new zero day vulnerabilities.
Benefits

Why does your repository need FuzzSlice?

FuzzSlice key features and benefits

  • Less Compute, Less time, More testing. FuzzSlice fuzzes small slices instead of the whole program. This saves time and compute in reaching vulnerable locations. By reducing the time spent on investigating potential vulnerable locations, FuzzSlice helps in faster development cycles and resource optimization.
  • Enhanced Security. In case of Static analysis tools, developers can focus on genuine issues rather than sifting through numerous false positives in SAST warnings. FuzzSlice can also contribute to enhancing code reviews by fuzzing new commits.
  • Fuzzing on premise. FuzzSlice performs this fuzzing on-premises, ensuring that code privacy is preserved.
  • Integration with other fuzzers and SAST. FuzzSlice can be integrated with popular static analysis and fuzz testing tools like American Fuzzy Lop (AFL) and LibFuzzer, making it adaptable to various development environments.