Mayhem Blog

Expert insights and tips on application security, API security, and other DevSecOps topics.

Why Non-Functional Testing is Equally Important to Functional Testing

With functional testing, there’s a finite number of ways that a feature can be used. With non-functional testing, there’s an infinite number of possibilities. Fuzz testing is an effective solution for addressing those non-functional testing challenges.
The Hacker Mind Podcast: Hunting The Next Heartbleed

For two years Heartbleed was a zero-day in OpenSSL until fuzz testing exposed it. How many others are in the wild now? And how will we find the next one? In this episode I talk about how Heartbleed (CVE-2014-0160) was found and also interview Rauli Kaksonen.
Why Fuzzing Works

Find out the fundamental reasons why fuzzing is so effective, and why it remains a useful part of a secure software development lifecycle.
The Hacker Mind Podcast: Bug Bounty Hunters

You’ve probably heard of bug bounties. But did you know there’s an elite group of bug bounty hunters that travel the world? Meet Stok; he’s one of them. In this episode, Stok talks about his beginnings in enterprise security and his transition into the top tier of bug bounty hunters.
New Reporting Dashboard in Mayhem

ForAllSecure, a pioneer in automated application security, announced today the continued innovation behind their flagship product Mayhem with the release of new reporting dashboards.
Your AST Guide for the Disenchanted: Part 6

Learn why SCA and AFT are two ideal solutions for transforming your DevOps workflow to a DevSecOps workflow.
The Hacker Mind Podcast: Hacking Voting Systems

While digital voting systems are more secure today, what about the larger ecosystem, starting from the moment you register until your vote is counted? Who’s keeping those systems secure? In this episode of The Hacker Mind, Dr. Jared DeMott of VDA Labs talks about his work securing voter registration.
Your AST Guide for the Disenchanted: Part 5

In today’s post, we’ll focus on how fuzz testing can help you address those unknown vulnerabilities.
The Hacker Mind Podcast: Hacking the Chrome Sandbox

No matter how strong we build our browsers, that does not prevent hackers from trying to break new things. In this episode, a security researcher explains how he successfully escaped the Chrome sandbox, and how bug bounties are perhaps a good thing, resulting in better security for us all.
