Mayhem Blog

Expert insights and tips on application security, API security, and other DevSecOps topics.

If You’re Only Doing WAF, You’re Doing API Security Wrong

Some organizations have begun using Web Application Firewalls (WAFs) to protect their APIs, but this isn’t a true solution to API security.
Mayhem Makers: Dylan Bargatze, Senior Staff Engineer

“Mayhem Makers” is a Q&A series dedicated to our growing company. For this month’s profile, we talked with Dylan Bargatze, Senior Staff Engineer at Mayhem.
The Hacker Mind Podcast: Gaining Persistence On Windows Boxes

When we hear about bad actors on a compromised system for 200+ days, we wonder how they survived for so long. Often they hide in common misconfigurations. Paula Januszkiewicz, CEO of Cqure, returns to The Hacker Mind to explain.
How Mayhem Is Making AppSec Easy for Small Teams

In this post we'll explore how Mayhem works and the benefits it offers to smaller companies looking to secure their apps.
FFIEC Updates Its Cybersecurity Guidelines For Financial Institutions

The recently updated Cybersecurity Resource Guide for Financial Institutions provides best practices, recommendations, and resources to help organizations protect their networks and data from cyber threats.
Where Mayhem's Automated Security Testing Fits Best into Your DevOps Pipeline

This post explains how Mayhem fits into the development lifecycle, continually analyzing the main branch of your repo and generating regression tests.
3 Causes of Software Vulnerabilities and How to Reduce Your Risk

In order to reduce your risk from exploitable vulnerabilities, it is important to understand what causes them and how they can be fixed.
Why Fuzz Test: 20 Mozilla Vulnerabilities Found With Fuzz Testing

Recently, Mozilla, makers of the Firefox browser, reported 20 vulnerabilities they found through fuzz testing their code.
The Hacker Mind Podcast: What Star Wars Can Teach Us About Threat Modeling

In this episode, I’m going to talk about Star Wars. Literally, how the rebellion fighting the Empire has echoes in how we approach and mitigate information security threats.
