Mayhem Case Studies

Expert insights and tips on application security, API security, and other DevSecOps topics.

Useful Properties To Check With Fuzz Testing

This is part three of a three-part series on Property-based Fuzz Testing. This article lists a number of useful properties that are commonly used to validate the correctness and safety of code. If you are not sure how to apply property-based fuzzing to your code, this list should give you some inspiration.
The Hacker Mind Podcast: So You Want To Be A Pentester

To help more people to become penetration testers, Kim Crawley and Phillip L. Wylie wrote The PenTester BluePrint: Starting A Career As An Ethical Hacker. In this episode of The Hacker Mind, Kim talks about the practical steps anyone can take to gain the skills and confidence necessary to become a penetration tester.
To All The Tools I’ve Loved Before: The Fling (SCA)

Valentine’s Day has unfortunately come to a close. What follows love? Heartbreak. That’s right, it's time to dust off your best stationery and bust out the ice cream because we’re writing a series of appsec break up letters.
What is Property-Based Fuzzing?

Fuzzing is the automated process of finding software bugs by feeding random data into a target program until one of those permutations reveals a flaw. Property-based testing is a form of fuzzing. Property-based testing feeds random data into an application (or function) and detects flaws. It is particularly powerful as it allows developers to define and check custom correctness and safety policies, i.e. properties they define in their test.
How to Address Software Reliability, Security, and Quality Requirements with Fuzz Testing

Confidentiality, integrity, and availability are considered the three core principles of security. Similar to a three-bar stool, security falls apart without any one of these components. Learn how fuzz testing helps with the CIA triad.
The Hacker Mind Podcast: The Right To Repair

How do the current DMCA laws impact those who hack digital devices? And why doesn’t our basic right to repair our devices extend into the digital world? To answer these questions, Paul Roberts, Editor-in-Chief of the Security Ledger, founded secureparis.org, a group of infosec experts who are volunteering to fight for the right to repair.
What is Property-based Testing?

Learn how to take your fuzzing targets beyond memory errors and crashes to finding correctness and even efficiency issues using Property-based fuzzing.
The Cost of Doing Nothing

Some will argue they’ve been “just fine so far” with no security investments. This blog will argue there is a cost in doing nothing.
Six-Library Vulnerability in NGA

Imagine if all of a sudden satellites across the world stopped working. Services that we take for granted such as navigation, satellite imagery, weather, and even time-keeping would become unavailable seemingly without explanation. This software contained a code execution bug discovered by ForAllSecure's Mayhem.
