How Mayhem Has Found Over 100,000 Defects in Code

Mayhem is a developer-first app and API security testing solution that combines several security testing techniques to create a one-of-a-kind, extremely effective DAST solution. Symbolic execution, advanced fuzzing, machine learning, and more allow Mayhem to systematically test applications for deep defects. Mayhem was built by hackers and designed to automate the steps that hackers use when attempting to attack software.

With its advanced security testing techniques, Mayhem automatically generates and runs thousands of tests per minute. Mayhem has found over 100,000 defects in code. In this blog post, we’ll discuss different techniques Mayhem uses to test code like a hacker and find defects at scale.

‍

1. Fuzz Testing

Fuzz testing, also known as fuzzing, is a dynamic software testing technique aimed at identifying vulnerabilities and defects in software applications. It involves subjecting a program to a barrage of inputs, often generated randomly or semi-randomly, in order to provoke unexpected behaviors and trigger crashes, memory leaks, or security vulnerabilities. 

Fuzz testing helps uncover hidden flaws that might not be evident through traditional testing methods, enabling developers to identify and rectify potential weaknesses, enhance overall system robustness, and ultimately improve the security and stability of the software.

Guided fuzz testing, a refinement of traditional fuzzing, is a popular DAST tool among security researchers. Known for its ability to find defects before attackers, guided fuzzing combines random input generation with intelligent feedback mechanisms. Unlike purely random fuzzing, guided fuzz testing employs different techniques to guide the generation of inputs towards specific code paths or sensitive areas within the software. 

By iteratively analyzing the code's response to generated inputs and directing the fuzzer to explore uncharted execution paths, guided fuzz testing increases the likelihood of discovering intricate vulnerabilities, improving test efficiency, and aiding developers in pinpointing and addressing critical security and stability issues within their software systems.

The problem with traditional guided fuzzing is that, unless you have an automated solution like Mayhem, it requires deep technical expertise. Mayhem uses advanced, automated fuzz testing techniques. Unlike guided fuzzers, Mayhem is intelligent, so it doesn't need an expert. Mayhem systematically navigates through functions automatically, finding and proving defects without breaking programs. 

‍

2. Symbolic Execution

How is Mayhem able to do what once required an expert? Mayhem combines fuzzing with a proprietary symbolic execution technology. 

Symbolic execution systematically analyzes and explores the various execution paths of a program by representing inputs and variables as symbolic expressions rather than concrete values. By tracking the program's behavior symbolically, Mayhem unlocks the exploration of all possible paths and conditions, even those that might be difficult to reach through traditional testing methods. 

With the guidance of symbolic execution, Mayhem is able to produce thousands of new test cases that are more likely to uncover unknown defects. Over time Mayhem works its way deeper into new areas of the runtime code, consistently delivering accurate quality results. 

‍

3. Machine Learning

Machine learning is used extensively in software development across a range of applications. The power of Mayhem lies in machine learning, which enables it to learn about its target over time. 

Mayhem uses machine learning algorithms to analyze the behavior and outcomes of previous runs, learning patterns of crashes, memory leaks, and other anomalies that indicate potential vulnerabilities. These learned patterns are then used to autonomously generates test cases that better explore the software's weaknesses

This approach, known as "smart" or "intelligent" fuzzing, optimizes the exploration of the software's execution paths by focusing on the areas that have historically shown higher susceptibility to defects. Self-learning algorithms continually expand test coverage, and dynamically test parts of your code often missed by static analysis. 

‍

4. Automated Triage and Reproduction 

When you're scaling with speed, accuracy is necessary. Mayhem solves the problem of false positives by automating triage and reproduction, making sure every result is actionable, reproducible, and prioritized for you.

Automated reproduction validates and recreates identified vulnerabilities in a controlled environment, allowing development  teams to observe the behavior and confirm the existence of issues. This ensures that the vulnerabilities are real and makes it easier for developers to understand and fix the underlying issues.

Once a vulnerability is detected, it is categorized and prioritized based on its severity, potential impact, and exploitability. This classification enables security teams to focus their attention on the most critical vulnerabilities, ensuring that resources are allocated to address the most pressing threats first.

By automating these stages, organizations can accelerate the identification of vulnerabilities, reduce the time required for manual analysis, and enhance the accuracy of their findings.  

‍

5. Regression Testing

Mayhem uses regression testing to ensure that your fixes stay fixed. Regression testing focuses on verifying that recent code changes or updates to an application maintain the existing functionality and don’t inadvertently introduce new defects. 

Regression testing aims to catch any unintended side effects that might come up as a result of code modifications by running a suite of previously executed test cases against the updated codebase to ensure that both new and old features continue to operate correctly and cohesively.

By doing this, regression testing helps prevent the recurrence of previously resolved bugs, even after enhancements or modifications have been implemented.

‍

Elevate Your Security Testing With Mayhem

Our goal with Mayhem is to get developers back to doing what they do best: creating exceptional software. Mayhem easily integrates into your build pipeline and runs continuously in the background. So go ahead, add a little Mayhem to your DevSecOps. We’ve got your code security covered. 

‍

{{code-cta}}

‍