Mayhem Blog

Six months ago ForAllSecure started analyzing Docker images. What does this mean? Imagine we have a user who wants us to fuzz their application. How do they give it to us? Do they tar it up? Do they give us access to an environment where it’s running?

On April 24, ForAllSecure CEO David Brumley joins Decipher Security host, Dennis Fisher, to talk about the importance of software security as well as the need for better cooperation between developers and security teams.

ForAllSecure Researcher, Mark Griffin, introduces viewers to automated coverage analysis, a workflow that helps users gain additional value from fuzzing.

ForAllSecure Researcher, Guido Vranken walks readers through his workflow for uncovering for OpenWRT remote code execution vulnerability.

Richard Bae, Director of Federal Solutions at ForAllSecure, shares the top 3 trends he and his team observed at ShmooCon 2020.

Dr. David Brumley, ForAllSecure CEO, demystifies a proven DevSecOps technique known as continuous fuzzing, and further details on how organizations can get started.

ForAllSecure Engineer Maxwell Koo walks readers through a technical case study on fuzzing open source libraries using FreeImage as an example.

ForAllSecure interns, Paul Emge and Zion Basque, uncover four vulnerabilities in Das U-Boot, a common bootloader on embedded devices, including Amazon Kindles, ARM Chromebooks, networking hardware, and more.

David Brumley, CEO of ForAllSecure, reflects on the current vulnerability disclosure process and assesses what must change in order to accommodate the rapid speed and scale at which new vulnerabilities are being discovered.