Mayhem Blog

API security and testing are critical parts of any company's IT and development strategy. By securing your APIs, you can protect your data and ensure that only authorized users have access to your systems.

For some people, crypto means cryptography. For others, it means cryptocurrency. Fortunately, in this episode, we’re discussing vulnerabilities in both. Guido Vranken returns to The Hacker Mind to discuss his CryptoFuzz tool on GitHub, as well as his experience fuzzing and finding vulnerabilities in cryptographic libraries and also within cryptocurrencies.

Learn about the importance functional testing plays in application security and how it can help ensure that newly introduced functionality does not introduce new vulnerabilities.

Passwords are everywhere, but they probably weren't intended to be used as much as they are today. Is there something more secure? Something better? Yes. Simon Moffatt from CyberHut joins The Hacker Mind to discuss how identity and access management (IAM) is fundamental to everything we do online today.

This blog post provides a general overview of the roles and importance of Dynamic Application Security Testing (DAST) and Static Application Security Testing (SAST) in Application Security Testing (AST), as well as how fuzzing fits into this picture.

This is the story of a film star who connected the simple concept behind a player piano to complex communication technology in use in our devices today. Hedy Lamarr is perhaps best known as the most beautiful woman in world but she was also a genius.

Fuzzing makes it possible to locate vulnerabilities even in “safe” environments like Erlang, a language designed for high availability and robust services. Jonathan Knudsen from Synopsys joins The Hacker Mind to discuss his presentation at SecTor 2021 on fuzzing message brokers such as RabbitMQ and VerneMQ, both written in Erlang.

From driverless cars to cryptocurrency, software reimagines possibilities. With software standing at the core of everything we do, we find ourselves pushing out code faster than ever. As we continue to accumulate security debt and struggle to solve the cybersecurity workforce shortage, it becomes clear that we’re living on borrowed security time.

Integrating fuzzing as a part of your DevOps pipeline can deliver big results: security and development alignment, shortened feedback and testing cycles, and clear insight into what is -- and isn’t -- being tested. Here’s a tried-and-true 5 step checklist to help you get financial buy-in from your management chain.