Mayhem Blog

Expert insights and tips on application security, API security, and other DevSecOps topics.

Your AST Guide for the Disenchanted: Part 4

In today’s post, we’ll focus on how software composition analysis can help you address those known vulnerabilities.
The Hacker Mind Podcast: Hacking With Light And Sound

If you think hacking only involves the use of a keyboard, then you’re probably missing out. What about using light? What about sound? The Hacker Mind talks with University of Michigan's Dr. Kevin Fu.
Your AST Guide for the Disenchanted: Part 3

In our previous post, we discussed that the key ingredient to a true DevSecOps process is accurate testing. In this post, we’ll share how to implement an accurate application security testing program that effectively manages risk, while protecting developer productivity.
The Hacker Mind Podcast: Why Are Blue Team Hackers More L33T?

This episode of The Hacker Mind podcast defines red teams, blue teams, even purple teams, and discusses how hiring professional hackers is now a business necessity.
Your AST Guide for the Disenchanted: Part 2

Can machines make cybersecurity decisions autonomously? Accurate testing allows vulnerability detection to be done at machine speed, scale, and automation.
Your AST Guide for the Disenchanted: Part 1

In this blog series, we’ll chronicle the top challenges of incorporating application security testing in DevOps workflows. We’ll also unpack how organizations are addressing these challenges.
CVE-2020-15359: VDALabs Uses Mayhem To Find MP3Gain Stack Overflow

Researchers from VDALabs use ForAllSecure's Mayhem to find a stack overflow in MP3Gain, a vulnerability that could allow bad actors to overwrite code.
The Hacker Mind Podcast: Can a Machine Think Like A Hacker?

What happened when the very best human hackers at DEF CON 24 CTF played a computer reasoning system named Mayhem? Can a machine think like a hacker?
Learning About Structure-Aware Fuzzing and Finding JSON Bugs to Boot

Learn how to build a structure-aware fuzzer, when it is useful, and how the author found a bug in his first week of fuzzing using this technique.
