Mayhem Case Studies

This post outlines some of the techniques used to identify the vulnerability CVE-2022-36086 in RustOS and how Mayhem helped discover it.

Over the last several weeks, we’ve made a number of updates to both our flagship Mayhem for Code product and Mayhem for API. Let’s take a look at each.

When executing the target in the context of a dynamic analysis, Mayhem employs mechanisms that first identify the root cause of a potential issue and then try to resolve it by intelligently providing different configuration values.

In this post, we’ll look at bringing Mayhem into a Jenkins pipeline using both Mayhem’s command line interface (CLI) as well as using Mayhem’s Docker image.

When using Mayhem, there are a few best practices the ForAllSecure team recommends to account for branches.

Mayhem for API comes with a GitHub Action and a GitHub App to help you check every change to your API for reliability and security issues.

Mayhem for Code helps developers save time by eliminating the need to manually write test cases and comb through false positives, as well as helping find and fix vulnerabilities before software is released.

Sometimes complex technology doesn't necessarily raise the barrier for entry for cyber criminals. Sometimes, as with our cars, it does the exact opposite.

Mayhem can run on the cloud, but, when you're testing critical/sensitive/confidential code, you can make it more difficult for malicious actors to access Mayhem's findings by deploying it on-prem.