DevOps Chat Podcast: $2M DARPA Award Sparks Behavior Testing With ForAllSecure's Mayhem Solution
David Brumley, ForAllSecure CEO, shares how organizations can autonomously check the world’s software for exploitable bugs with behavior testing, a next-generation DAST technique.
The CyberWire Daily Podcast EP. 389 With Guest Speaker David Brumley
Learn how autonomous security enables organizations to implement data-driven rubrics for determining whether applications are secure enough for production.
Open Source Security Podcast EP. 151 - The DARPA Cyber Grand Challenge With David Brumley
Open Source Security Podcast helps listeners better understand security topics of the day. In this episode, David Brumley reflects on the ForAllSecure DARPA CGC win and how it offers a glimpse into the future of autonomous security.
Top 5 Takeaways From The “ForAllSecure Makes Software Security Autonomous” Livestream
In February 2019, Dr. David Brumley, ForAllSecure CEO, and Zach Walker, DIU project manager, discussed how Mayhem, ForAllSecure’s behavior testing solution, has helped secure the Department of Defense’s most critical platforms.
A Reflection On ForAllSecure's Journey In Bootstrapping Behavior Testing Technology
Learn how we sought to uncover the right solution to address the persistent software security issues that have existed in the market for over two decades. We began our research in a university lab, where a brand new technology was born...
Applying Cyber Grand Challenge Technology To Real Software
Looking at the history of reports, objdump was ripe for additional fuzzing enhanced by symbolic execution. Most of the bugs visible to existing fuzzing tools were already found and patched. If any more bugs were to be discovered by Mayhem, this would be a great indicator that Mayhem can find things other tools cannot.
LEGIT_00004 was a challenge from Defcon CTF that implemented a file system in memory. The intended bug was a tricky memory leak that the challenge author didn't expect Mayhem to get. However, Mayhem found an unintended null-byte overwrite bug that it leveraged to gain arbitrary code execution.