Mayhem Blog

The Application Security Testing market is highly fragmented. From SAST to DAST to SCA to IAST to RASP, what is the best? Our answer: Autonomous testing through fuzz testing and symbolic execution.

DevSecOps is enabling the Department to develop quickly and securely, so organizations can continuously meet critical and urgent needs of the warfighter.

Aerospace must continually and proactively find and fix security and safety issues. Learn how to achieve DO-356A / ED-203A compliance.

In this blog, we’ll walk through the spectrum of risk and the types of solutions that are strongest at addressing each risks.

In part three of the series, I will discuss the role of test and evaluation in your organization.

Vulnerabilities can be inherited through your software supply chain, and it’s more common than we may like to admit.

Part one of a three-part series. Applications contain hundreds of code components. Applications are constructed similarly to automobiles: parts are sourced from multiple vendors to produce software that is then used by the consumer.

Some may remember NCSA HTTPd, a predecessor to Apache. However, what they might not know (but won't be surprised by!) is that it had plenty of bugs. Let's dive in and reproduce a classic command injection with fuzzing!

The is part three of a three part series on Property-based Fuzz Testing. This article lists a number of useful properties that are commonly used to validate the correctness and safety of code. If you are not sure how to apply property-based fuzzing to your code, this list should give you some inspiration.