Mayhem Blog

Expert insights and tips on application security, API security, and other DevSecOps topics.

To All The Tools I’ve Loved Before: The Commitment Phobe (Open Source Fuzzers)

Valentine’s Day has unfortunately come to a close. What follows love? Heartbreak. That’s right, it's time to dust off your best stationery and bust out the ice cream because we’re writing a series of breakup letters.
The Risks In Using Third-Party Code

Vulnerabilities can be inherited through your software supply chain, and it’s more common than we may like to admit.
To All The Tools I’ve Loved Before: The Selfish One (IAST)

Valentine’s Day has unfortunately come to a close. What follows love? Heartbreak. That’s right, it's time to dust off your best stationery and bust out the ice cream because we’re writing a series of breakup letters.
The Hacker Mind Podcast: The Gentle Art of Lockpicking

What is the allure of lockpicking at hacker conferences? In this episode Deviant Ollam explains why these mechanical puzzles remain popular with hackers. Ollam, who was an early member of Toool, The Open Organization of Lockpickers, discusses his career as a physical pen tester and also provides some basic lockpicking tips.
Securing Your Software Supply Chain

Part one of a three-part series. Applications contain hundreds of code components. Applications are constructed similarly to automobiles: parts are sourced from multiple vendors to produce software that is then used by the consumer.
To All The Tools I’ve Loved Before: The Liar (SAST)

Valentine’s Day has unfortunately come to a close. What follows love? Heartbreak. That’s right, it's time to dust off your best stationery and bust out the ice cream because we’re writing a series of breakup letters.
Back to the Fuzz: Fuzzing for Command Injections

Some may remember NCSA HTTPd, a predecessor to Apache. However, what they might not know (but won't be surprised by!) is that it had plenty of bugs. Let's dive in and reproduce a classic command injection with fuzzing!
Useful Properties To Check With Fuzz Testing

This is part three of a three-part series on property-based fuzz testing. This article lists a number of useful properties that are commonly used to validate the correctness and safety of code. If you are not sure how to apply property-based fuzzing to your code, this list should give you some inspiration.
The Hacker Mind Podcast: So You Want To Be A Pentester

To help more people to become penetration testers, Kim Crawley and Phillip L. Wylie wrote The PenTester BluePrint: Starting A Career As An Ethical Hacker. In this episode of The Hacker Mind, Kim talks about the practical steps anyone can take to gain the skills and confidence necessary to become a penetration tester.