Mayhem Blog

Valentine’s Day has unfortunately come to a close. What follows love? Heartbreak. That’s right, it's time to dust off your best stationary and bust out the ice cream because we’re writing a series of appsec break up letters.

Fuzzing is the automated process of finding software bugs by feeding random data into a target program until one of those permutations reveals a flaw. Property-based testing is a form of fuzzing. Property-based testing feeds random data into an application (or function) and detects flaws. It is particularly powerful as it allows developers to define and check custom correctness and safety policies, i.e. properties they define in their test.

Confidentiality, integrity, and availability are considered the three core principles of security. Similar to a three-bar stool, security falls apart without any one of these components. Learn how fuzz testing helps with the CIA triad.

How do the current DMCA laws impact those who hack digital devices? And why doesn’t our basic right to repair our devices extend into the digital world? To answer these questions, Paul Roberts, Editor-in-Chief of the Security Ledger, founded secureparis.org, a group of infosec experts who are volunteering to fight for the right to repair.

Learn how to take your fuzzing targets beyond memory errors and crashes to finding correctness and even efficiency issues using Property-based fuzzing.

Some will argue they’ve been “just fine so far" with no security investments. This blog will argue there is a cost in doing nothing.

Imagine if all of the sudden satellites across the world stopped working. Services that we take for granted such as navigation, satellite imagery, weather, and even time-keeping would become unavailable seemingly without explanation. This software contained a code execution bug discovered by ForAllSecure's Mayhem.

Capture the Flag is a game, a community, and a really cool hacker culture. But will we one day stream CTFs like we do World of Warcraft or League of Legends? Whether it’s designing, or just playing, John Hammond knows a lot about the gamification of infosec through CTFs.

This post outlines the intangible values each solution delivers as cited by customers. Product justifications often focus on qualitative data. However, we find quantitative data to be equally critical for ensuring a full 360 degree examination of a selected technology’s impact across an entire organization.