Ship Fuzzed C / C++ Faster.

Ship Fuzzed C / C++ Faster.

Integrate "Continuous Fuzzing" into your CI cycle to find bugs and security vulnerabilities early in your development cycle with Fuzz Stati0n. Fuzz testing is a dynamic technique that bombards a target application with crafted "garbage" input to force the execution of unanticipated paths, leading to potentially exploitable crashes.

Our efficient and effective cloud based platform runs the groundbreaking AFL fuzzer on up to 36 CPUs, enabling fuzz runs to be completed in minutes, not days, resulting in more secure and robust code shipped sooner. Continuous Fuzzing for the DevSecOps win.

How It Works

1. Upload the instrumented target binary via our Developer API.
2. We spin up a massive AWS cluster and start fuzzing.
3. AFL crashes the target with random garbage input.
4. We consolidate, minimize and deliver the results.

Features

  • DEVELOPER API: Easily integrate fuzz testing into your Continuous Integration cycle using our REST style developer API.

  • COMPREHENSIVE WORK FLOW: Fuzz Stati0n ranks crashes by exploitability and automatically runs corpus minimization and memory analysis tools.

  • MAINTAIN CONTROL OF YOUR IP: Keep your intellectual property on your instances, behind your AWS security group.

  • FUZZING TARGETS: Fuzz Stati0n can fuzz test your Linux applications written in C or C++.

"Fuzz Stati0n helped us to identify and implement a powerful form of vulnerability testing that has improved our security posture. We are a happy customer.”

- File Open Systems CEO, Sanford Bingham

"Fuzz Stati0n - Winner of the Firestarter Award for Most Innovative Early Stage Startup"

- Tech Trailblazers

Professional Services

  • FUZZ TESTING TRAINING: We will train your engineers on all aspects of fuzz testing including: preparing the binary, running the fuzz test, post-run crash processing, and crash triage.

    Please see our training page for more details.

  • BUILD/TEST CYCLE INTEGRATION: Continuous Fuzzing (integrating fuzz testing into your CI cycle) finds bugs early. We can help you set up a complete source code to triaged crashes workflow.

  • CUSTOM FUZZ TESTING: Just want to have an application fuzzed? We will fuzz test your application for you.

FAQ

What is Fuzz Testing? Fuzz testing is a dynamic technique that bombards a target application with crafted 'garbage' input to force the execution of unanticipated paths, leading to potentially exploitable crashes.

What applications should be fuzzed? Any Linux C / C++ application which processes input (especially untrusted input) is a good fuzzing candidate.

I'm concerned about uploading my binary. Our solution runs on Amazon AWS cloud instances behind security groups (firewalls) controlled by our customers. You maintain complete control over your intellectual property at all times.

How do I integrate fuzz testing into my build and test cycle? Our Developer API makes it simple and easy to integrate fuzzing into an existing testing regimen - we will soon be offering out of the box GitHub and Jenkins CI integration.

The Story

Let's begin the story back in 1994 when I became a professional software engineer after receiving a BA in Computational Mathematics from UCSC. I established myself in the industry working for Steve Jobs at NeXT and Apple, launching into the world of extremely successful start-ups with WebLogic and Azul Systems.

After a break from my epic career in Silicon Valley to raise a guide dog puppy, sing operatic tenor and surf the best waves on the planet, I turned my full attention to security research, becoming a successful bug bounty hunter before pivoting to application security, fuzzing technology, and heap corruption vulnerabilities.

It became apparent that I could find vulnerabilities more effectively by fuzzing at scale - out of this, Fuzz Stati0n was born. My intent is to exponentially increase my contribution to security by democratizing the technology. I am passionate about protecting my friends, family, and the rest of humanity from hacks, fraud, and privacy breaches.

- David Moore, CEO / Founder