GitLab has announced that it is open sourcing its fuzz testing engine, Protocol Fuzzer Community Edition.
According to GitLab, fuzz testing is the process of “inputting unexpected, malformed, and/or random data to measure response or stability of an application or service.” It helps developers discover software bugs that are often missed by typical QA methods and security scanning.
The tool includes the engine needed to run and orchestrate fuzz tests. It also includes the necessary components for defining custom protocols.
It is based on Peach Fuzzer Professional v4, which GitLab acquired in 2020.
Previously, GitLab users needed to pay for the commercial version of Peach Fuzzer to get access to its fuzzing capabilities. The alternative was to use “an older, unmaintained version” of Peach Fuzzer Community, but that lacked many of the features and fixes made available by the commercial version.
“By open sourcing much of what was previously available only with a paid license, we are thrilled to enable more security researchers, students, and developers to experiment with and use protocol fuzz testing to find vulnerabilities and bugs that other tools will not,” Sam Kerr, principal product manager at GitLab, wrote in a post. “This also enables everyone to contribute and help advance the state of the art even further!”
Going forward, the company plans to continue adding new capabilities to Protocol Fuzzer Community Edition. This will include new industry-specific features, pre-built support for common network protocols, and tighter integration with the CI process.