Mayhem Blog

When executing the target in the context of a dynamic analysis, Mayhem employs mechanisms that first identify the root cause of a potential issue and then try to resolve it by intelligently providing different configuration values.

In this post, we’ll look at bringing Mayhem into a Jenkins pipeline using both Mayhem’s command line interface (CLI) as well as using Mayhem’s Docker image.

When using Mayhem, there are a few best practices the ForAllSecure team recommends to account for branches.

Mayhem for API comes with a GitHub Action and a GitHub App to help you check every change to your API for reliability and security issues.

Mayhem can run on the cloud, but, when you're testing critical/sensitive/confidential code, you can make it more difficult for malicious actors to access Mayhem's findings by deploying it on-prem.

If you are using Circle CI for your build pipelines, you can now scan your APIs for security vulnerabilities by adding Mayhem's official orb.

Try API fuzzing with the Swagger Petstore API, a stand-alone REST API server that implements the OpenAPI 3 Specification. Learn how to fuzz the Pestore API!

Learn how to improve successful coverage with Mayhem for API by adding or refining schemas in the spec to generate structurally valid payloads.

Lighttpd is an open-source web server optimized for speed with considerations for compliance, security, and flexibility. Lighttpd 1.4.15 had a few vulnerabilities that have since been patched. Let's use Mayhem to sniff out those bugs.