Unique analysis technique goes far beyond the limits of traditional fuzzing
TrustInSoft Analyzer adds formal verification to the fuzzing process by taking generated inputs and repurposes them to conduct deeper analyses, which catches problems that traditional fuzzing does not. The result is software security verification with no false positives or negatives.
“Most fuzzing attempts to generate invalid, unexpected, or completely random data to feed a given program in the hope of discovering any holes in its input verification. The aim is to detect situations when a program accepts an invalid input as valid when it actually shouldn’t,” said Fabrice Derepas Founder and CEO of TrustInSoft. “Our high-performance, high-volume analysis technology achieves much deeper levels of verification, which were not previously possible. As a result, we offer a mathematically provable 100 percent guarantee that code tested with TrustInSoft Analyzer will contain none of the undefined behaviors that are included in the CWE Top 25 classification list.”
TrustInSoft’s powerful new fuzzing feature guarantees that fuzz testing results are valid for any compiler, any chosen set of compiler options and any memory layout, making it the only comprehensive bug oracle for testing C/C++ code available today.
“This is a unique and innovative capability that no other testing tool can provide,” said Derepas. “Traditional fuzzing tests often miss undefined behaviors, but that needn’t be an issue for C/C++ SW developers, embedded software engineers or product security experts any longer.”
TrustInSoft participates in the Application Security Testing market. TrustInSoft Analyser is a hybrid static and dynamic code analyser that automates Formal Methods to mathematically guarantee C/C++ code quality, security, and safety. For more information, visit https://www.trust-in-soft.com.
+1 (408) 829-5882
Tristan Van den berg
Napier Partnership Ltd.
+44 (0) 1243 531123