Mayhem Blog

Fuzzing is the automated process of finding software bugs by feeding random data into a target program until one of those permutations reveals a flaw. Property-based testing is a form of fuzzing. Property-based testing feeds random data into an application (or function) and detects flaws. It is particularly powerful as it allows developers to define and check custom correctness and safety policies, i.e. properties they define in their test.

Confidentiality, integrity, and availability are considered the three core principles of security. Similar to a three-bar stool, security falls apart without any one of these components. Learn how fuzz testing helps with the CIA triad.

Learn how to take your fuzzing targets beyond memory errors and crashes to finding correctness and even efficiency issues using Property-based fuzzing.

Some will argue they’ve been “just fine so far" with no security investments. This blog will argue there is a cost in doing nothing.

Imagine if all of the sudden satellites across the world stopped working. Services that we take for granted such as navigation, satellite imagery, weather, and even time-keeping would become unavailable seemingly without explanation. This software contained a code execution bug discovered by ForAllSecure's Mayhem.

This post outlines the intangible values each solution delivers as cited by customers. Product justifications often focus on qualitative data. However, we find quantitative data to be equally critical for ensuring a full 360 degree examination of a selected technology’s impact across an entire organization.

Regression testing is the practice of re-running tests to ensure that previously developed and tested software still performs after new code commits.

This blog post explores the operating costs and ROI of three AppSec solutions comparable to fuzz testing.

Introduction Embedded applications are some of the most prolific software out there in the world. Whether it be routers, IoT devices or SCADA systems, they are very varied in architecture, use case, and purpose. Very few of these devices have security in mind when they were built.