Mayhem 2.6 is Now Available

Fun fact: The majority of our customers expand their use of Mayhem within the first year—bringing on more teammates, testing more applications, and fixing more defects. To ensure our customers (current and future) can continue to seamlessly expand their use of Mayhem, the team’s been hard at work enhancing Mayhem’s performance. 

If there’s a theme to Mayhem 2.6 it’s about scalability and speed—making analysis run faster, prioritizing untested code, and enhancing how Mayhem creates an initial profile of an application being tested. 

We’ve also kicked off work on making it easier to prioritize and remediate issues found in Mayhem, an effort which you’ll see more of in the months to come. Below, we’ll cover some of the key features of Mayhem 2.6 and how you can get started seeing them in action. 

‍

Symbolic Execution Improvements for Faster Coverage

‍

Mayhem’s symbolic execution engine ensures your applications are constantly being tested for unknown behaviors. It’s designed to search out untested code paths and optimize test creation based on expanding coverage. 

In Mayhem 2.6, we’ve updated the symbolic execution engine to build an initial coverage model based on any fuzzing corpii or unit test suites provided to Mayhem on the first run. This model then informs where Mayhem’s symbolic execution starts work. As a result, Mayhem generates tests of previously uncovered code first—expanding coverage faster, and prioritizing the unknown issues manual testing and static scans miss. 

‍

Intelligent CVSS Scoring for Unknown Vulnerabilities

Mayhem has been calculating defect severity behind the scenes for a while as part of its automated triage feature. With Mayhem 2.6, we’re exposing the behind-the-scenes magic to show you a projected CVSS for every identified defect. 

Skip prioritization and get right to remediation. Mayhem uses knowledge of past attacks against similar applications and CWE types to calculate an estimated CVSS for each defect found—then displays this to you, grouping defects using the CVSS 2.0 thresholds. 

Our intelligent CVSS scoring helps you prioritize not only within Mayhem, but also when reviewing Mayhem’s results alongside SCA scans or other CVE-oriented application security tools. This gives you a better holistic view of your application security risk posture.

‍

Up to 5x Faster Testing on Average

Mayhem’s generative AI and portfolio of test engines are powerful—it’s why our customers choose us to help them deliver safe, secure applications at massive scale. 

It’s not just about the quality of the results (although we think zero false positives is pretty great) —it’s about delivering results fast, and making sure that Mayhem doesn’t block delivery of new functionality and improved services. 

That’s why we’re always investing in performance improvements to Mayhem’s generative AI and analysis engine. With Mayhem 2.6, we’ve overhauled significant parts of how we ingest applications and build tests. Have a single test case that’s an entire mobile application? No problem. Have an application comprising services in seven different languages? We can’t wait.

In real-world terms, what this means is customers with instrumented targets can expect an average of 2-5x faster startup times. Overall, our internal testing benchmarks Mayhem 2.6 as between 200-400% faster when testing applications than Mayhem 2.5. 

Of course, if you’re new to Mayhem, you won’t feel the thrill of increased speed—you’ll just be astonished how fast you’re finding defects in your applications. 

‍

Improved Support for On-Premise Deployments

Mayhem tests the behavior of critical applications thousands of times a minute using a portfolio of algorithms (yeah, it’s AI, we’ll admit it) that generate intelligent tests to find unknown defects. 

Many of our customers rely on our infrastructure to do the heavy lifting. Our cloud native architecture is tuned to Mayhem’s needs and automatically scales up capacity to ensure rapid throughput. 

Our promise to customers is that Mayhem works for you. What that means for some customers is that they want Mayhem running in their environment—whether that’s an air gapped installation or their own private cloud. This isn’t a new thing—some of our first customers ran Mayhem on bare metal appliances. 

Now, with Mayhem 2.6, we’ve brought some of the improvements that formerly were limited to our environment to any instance of Mayhem. Improved support for running Mayhem in your AWS cloud, API testing results in the same web console, SSO enhancements, and more updates to bring Mayhem on-premise to parity with the latest and greatest running in our cloud.

‍

And More…

These are just a few of the features now available in Mayhem. For more details, check out the full release notes, or get in touch with our team for a personalized demo.

‍

{{code-cta}}

‍