RIVER

RIVER tests your software for common vulnerabilities with minimal human effort through advanced taint analysis and dynamic execution, reporting vulnerabilities and code coverage.

What is it?

RIVER works at the binary code level. At test time, it reads x86 instructions starting from the user's application entry point and performs dynamic instrumentation, similar to software running inside a virtual machine. One of its biggest advantages over similar tools is its forward and backward execution capability, i.e. it can restore the effects of a previously executed branch, which increases the performance of the tool.

Benefits

Using RIVER, users can test their software against common vulnerabilities (crashes, datatype and buffer overflows) with no knowledge of the source code. Fuzz testing methods are applied selectively: the taint analysis component directs testing towards the parts of the input that are used in branch decisions.
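The idea of steering a fuzzer with taint information can be shown in a few lines. This is an added illustration, not RIVER's code: RIVER tracks taint on x86 instructions, while this sketch uses a Python wrapper object as a stand-in, and the names `TaintedByte`, `target`, `branch_offsets` and `taint_guided_fuzz` are hypothetical.

```python
import random

class TaintedByte:
    """An input byte that remembers its offset and logs every comparison made on it."""
    def __init__(self, value, offset, log):
        self.value, self.offset, self.log = value, offset, log
    def __eq__(self, other):
        self.log.add(self.offset)      # this offset influenced a branch decision
        return self.value == other
    def __lt__(self, other):
        self.log.add(self.offset)
        return self.value < other

def target(data):
    """Constructed program under test: returns the depth of the deepest branch taken."""
    if len(data) < 8:
        return 0
    if data[0] == ord("R"):
        if data[5] == ord("V"):
            if data[7] < 0x10:
                return 3               # stands in for the path holding the bug
            return 2
        return 1
    return 0

def branch_offsets(data):
    """Run target on tainted input and return the offsets used in branch conditions."""
    log = set()
    target([TaintedByte(b, i, log) for i, b in enumerate(data)])
    return log

def taint_guided_fuzz(seed, rounds=20000, rng_seed=0):
    """Mutate only offsets that reached a branch; keep inputs that go deeper.
    Assumes the seed is at least 8 bytes so that one branch is always reached."""
    rng = random.Random(rng_seed)
    best, depth = bytearray(seed), target(seed)
    for _ in range(rounds):
        if depth == 3:
            break
        offsets = sorted(branch_offsets(best))
        cand = bytearray(best)
        cand[rng.choice(offsets)] = rng.randrange(256)
        d = target(cand)
        if d > depth:                  # new branch covered: adopt this input
            best, depth = cand, d
    return bytes(best), depth

if __name__ == "__main__":
    print(taint_guided_fuzz(b"\xff" * 8))
```

Bytes that never reach a comparison (offsets 1 to 4 and 6 here) are never mutated, which is what keeps the search small compared with mutating the whole input blindly.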

 

The tracing component gives in-depth knowledge of the paths taken by the code and of its branch decisions, helping users measure the code coverage of their test suites and automatically augment them with newly generated tests.