Mayhem Blog

No one likes waiting for regression tests to run.  Maintaining the smallest regression test suite that still covers all the code makes sure your software pipeline is as fast as possible.  In addition, when running a fuzzing campaign to find bugs, a smaller initial test suite (aka "corpus" or "seeds") typically improves fuzzing efficiency. In this article, we describe an algorithm that gives you a 2.7x improvement.

In August 2021, Dr James Ransome hosted the Fuzzing Real Talks at FuzzCon 2021. Ransome was joined by industry experts Anmol Misra of Autodesk, Larry Maccherone of Contract Security, Damilare D. Fagbemi of Resilient Software Security, and Jeff Costlow of Extrahop Networks.

At ForAllSecure, we’re all about fuzzing and making it easier for customers to quickly fuzz and secure their applications. That’s why we’ve gone ahead and compiled a catalog of tutorial fuzzing targets written and compiled using several different languages (and architectures) like C/C++, Python, Go, Rust, Java and many others!

Organizations are increasingly adopting more security practices to ensure the quality and robustness of their applications. One of the challenges that remain unaddressed is finding unknown or zero-day vulnerabilities.

In August 2021, Brook S. E. Shoenfield -- Author, Passionate Security Architect, and Curious Questioner of Assumptions -- challenged whether application security can be fixed at FuzzCon 2021. Shoenfield observed and boldly called out that breaches not only continue to roll in, but the cadence continues to increase.

Following Biden's Executive Order 14028, the National Institute of Standards and Technology (NISA) published the minimum recommendations for verification of code by developers. Mayhem can help both security engineers and developers validate many of these techniques.

What are the defenses that we have against the software vulnerabilities?

The new Director of the Cybersecurity and Infrastructure Security Agency (CISA), Jen Easterly, opened Day 2 of Black Hat USA 2021 with a remote presentation on Hacking the Cybersecurity Puzzle.

It is important to understand that there is no 100% in security. Frankly, it is impossible to secure everything all the time. So more often than not, we're putting obstacles in front of an adversary, so they go somewhere else. That's not defeatist; that's reality.