Mayhem Blog

In the age of SaaS applications and infrastructure, many architectures are designed around being API-first for managing data ingestion and retrieval. Unfortunately, with this ever increasing critical infrastructure most application testing solutions are not up to the challenge of testing APIs.

At ForAllSecure, we’re all about fuzzing and making it easier for customers to quickly fuzz and secure their applications. That’s why we’ve gone ahead and compiled a catalog of tutorial fuzzing targets written and compiled using several different languages (and architectures) like C/C++, Python, Go, Rust, Java and many others!

Following Biden's Executive Order 14028, the National Institute of Standards and Technology (NISA) published the minimum recommendations for verification of code by developers. Mayhem can help both security engineers and developers validate many of these techniques.

I thought it’d be interesting to see what Mayhem produces in the hands of someone who knows the target API in and out -- my own.

Last week, I found and fixed two crashing bugs in etcd , the distributed key-value store used (among other things) to manage the state of kubernetes clusters. I’m excited to have been able to contribute a bit to such an excellent project!

Our CLI runs on your dev machine and can scan local APIs. The central tool to develop software as a team is a Source Code Management system like GitHub.

Postman Collections are a great way to document, test, and share your APIs. With Mayhem for API, you can squeeze even more testing out of your existing Postman collections.