Mayhem Blog

Expert insights and tips on application security, API security, and other DevSecOps topics.

Certificate Transparency Does More Harm Than Good - Here's Why

With Google’s recent decision to change the lock icon, I’ve been spending a lot of time thinking about TLS/SSL - and certificate transparency in general. In this blog post, I’ll explore both how Certificate Transparency is helpful and the downsides, including the way it shares users' information and the rise of beg bounties.
The Hacker Mind Podcast: Tales From A Ransomware Negotiator

Say you’re an organization that’s been hit with ransomware. At what point do you need to bring in a ransomware negotiator? Should you pay, should you not? Mark Lance, the VP of DFIR and threat intelligence for GuidePoint Security, provides The Hacker Mind with stories of ransomware cases he’s handled.
Too Many Security Testing Tools? Here Are 5 Things Your DevSecOps Tools Should Do

In this blog post, we'll delve into the five essential boxes that your DevSecOps tools need to check.
SCA, SBOM, Vulnerability Management, SAST, or DAST Tools: Which Is Best for Your Team?

There are a lot of options for software security testing tools. How do you know which ones are right for you? In this blog post, I'm going to cover a simple two-step process that will allow you to pick the best software security tool for your organization.
3 Reasons Your Security Testing Tool Needs To Do Regression Testing

Learn what regression testing means, how it affects security, and three reasons why modern teams need regression testing to complement other security testing strategies.
7 Essential DevSecOps Best Practices Every Development Team Should Implement

This blog post explores the DevSecOps best practices that development teams can use to ensure that security is ingrained in the development process.
The Hacker Mind Podcast: The Internet As A Pen Test

Small to medium businesses are today the target of APTs and ransomware, and they often lack the visibility of a SOC, or even basic low-level threat analysis. Chris Gray of Deepwatch talks about the view from the inside of a virtual SOC.
4 Common Causes of False Positives in Software Security Testing

Why do false positives occur in software testing, and what can teams do about them? This article discusses those questions by explaining common causes of false positives and how to mitigate them.
Life at ForAllSecure: Robert Vamosi, Director of Product Marketing

“Life at ForAllSecure” is a Q&A series dedicated to our growing company. For this month’s profile, we talked with Robert Vamosi, Director of Product Marketing at ForAllSecure and the host of our popular podcast, “The Hacker Mind”.