ForAllSecure Hosts CMU Open Source Software Hackathon

Robert Vamosi
May 4, 2022
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

In early April, ForAllSecure hosted a day-long hackathon at Carnegie-Mellon University in Pittsburgh, PA. There were three main objectives:

  • Intro students to fuzz testing
  • Introduce the students to Docker
  • Introduce the students to Mayhem Free


Some of the students left after the three hours of training. However, a core group of students remained. For the next three hours they integrated Mayhem Free into various open source software GitHub repositories. The purpose is to help ForAllSecure secure open source software.

{{code-cta}}

undefined

The event kicked off with pizza and drinks. Around noon, 142 students filed into a lecture room in Doherty Hall at CMU. The  group included several walk-ins who had heard about the event from friends and decided to join in. After introductions from the ForAllSecure staff and T.A. present, the students powered up their laptops and settled in to learn. 


undefined



The first session was a training session. First students were introduced to fuzz testing. Nathan Jackson of FroAllSecure walked students through setting up Mayhem and then fuzz testing Lighttpd, an open source software project used to handle 10,000 connections on one server.  He then walked through packaging software for Mayhem and introduced Docker as one method. He then introduced a CMake example before giving the students exercises using open source fuzz testing tools such as AFL and libfuzzer.  Finally students were introduced to GitHub and were shown how to sign up for a free account so they could complete an exercise using gitHub Actions.

undefined




Students were then given several examples to work through at their own pace or in groups. T.A.s were on hand to answer questions and help the students complete the exercises.

.

undefined

After three hours, the training was done.  Students were given $100 for their time, and one student was awarded a grand prize of an XBox in a raffle. If students wanted to, and were eligible for work in the United States, they could stay and integrate Mayhem into one of the Open Source Repositories on GutHub using GitHub Actions. 


undefined



As part of the Mayhem Heroes program, a successful integration of Mayhem into an open source software project on GitHub would result in a $750 bonus. If the repository is still continuously being fuzzed 30 days later, the student would receive an additional $250.

 

Students were given two hours to complete the task in person and another week to complete it on their own. Thirty projects were completed and submitted for review.

 

undefined

By 6pm, only a handful of students remained in Doherty Hall. As the event closed down, students were asking really good questions. This process continues online on Discord and within the Mayhem Hacking Community Forum

Share this post

How about some Mayhem in your inbox?

Subscribe to our monthly newsletter for expert insights and news on DevSecOps topics, plus Mayhem tips and tutorials.

By subscribing, you're agreeing to our website terms and privacy policy.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Add Mayhem to Your DevSecOps for Free.

Get a full-featured 30 day free trial.

Complete API Security in 5 Minutes

Get started with Mayhem today for fast, comprehensive, API security. 

Get Mayhem

Maximize Code Coverage in Minutes

Mayhem is an award-winning AI that autonomously finds new exploitable bugs and improves your test suites.

Get Mayhem