fuzz Libraries (code) in GitLab
Below list may need to be pared sown ad there is a different issue for API fuzzing
This issue should focus on NOT API fuzzing but code fuzzing
This is a list of software that we can consider when implementing GitLab fuzzing features.
- American Fuzzy Lop: open-source
- Beyond Security beSTORM: COTS with multiple protocol support similar to Peach or Synopsys
- ForAllSecure MAYHEM: startup from DARPA Cyber Grand Challenge
- Google OSS-Fuzz: Google hosted service/framework for evaluating open source projects
- Grammatech CodeSonar: specifically the binary analysis/decompiler functionality which is part of their SAST
- libFuzzer: open-source
- Microsoft binskim: lightweight scanner that checks binary attributes and compiler settings
- Microsoft Security Risk Detection: SaaS delivery of binary analysis
- OpenRCE Sulley: open-source
- Peach Tech Peach Fuzzer: COTS
- Radamsa: open-source
- Rogue Wave CodeDynamics: debugger with dynamic analysis for python and C/C++
- Synopsys Defensics: COTS with multiple protocol support similar to beSTORM or Peach
- Trail of Bits Manticore: open-source
Other tools available in https://www.owasp.org/index.php/Fuzzing#Fuzzing_tools.
The following page may contain information related to upcoming products, features and functionality. It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes. Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features, or functionality remain at the sole discretion of GitLab Inc.