Mayhem Blog

In this blog, we’ll walk through the spectrum of risk and the types of solutions that are strongest at addressing each risks.

In part three of the series, I will discuss the role of test and evaluation in your organization.

Vulnerabilities can be inherited through your software supply chain, and it’s more common than we may like to admit.

Part one of a three-part series. Applications contain hundreds of code components. Applications are constructed similarly to automobiles: parts are sourced from multiple vendors to produce software that is then used by the consumer.

Some may remember NCSA HTTPd, a predecessor to Apache. However, what they might not know (but won't be surprised by!) is that it had plenty of bugs. Let's dive in and reproduce a classic command injection with fuzzing!

The is part three of a three part series on Property-based Fuzz Testing. This article lists a number of useful properties that are commonly used to validate the correctness and safety of code. If you are not sure how to apply property-based fuzzing to your code, this list should give you some inspiration.

Fuzzing is the automated process of finding software bugs by feeding random data into a target program until one of those permutations reveals a flaw. Property-based testing is a form of fuzzing. Property-based testing feeds random data into an application (or function) and detects flaws. It is particularly powerful as it allows developers to define and check custom correctness and safety policies, i.e. properties they define in their test.

Confidentiality, integrity, and availability are considered the three core principles of security. Similar to a three-bar stool, security falls apart without any one of these components. Learn how fuzz testing helps with the CIA triad.

Learn how to take your fuzzing targets beyond memory errors and crashes to finding correctness and even efficiency issues using Property-based fuzzing.