Mayhem Blog

Mayhem for API supports the writing of your own plugins to guide Mayhem for API into making legitimate requests to your API.

Over the last several weeks, we’ve made a number of updates to both our flagship Mayhem for Code product and Mayhem for API. Let’s take a look at each.

When executing the target in the context of a dynamic analysis, Mayhem employs mechanisms that first identify the root cause of a potential issue and then try to resolve it by intelligently providing different configuration values.

In this post, we’ll look at bringing Mayhem into a Jenkins pipeline using both Mayhem’s command line interface (CLI) as well as using Mayhem’s Docker image.

When using Mayhem, there are a few best practices the ForAllSecure team recommends to account for branches.

Mayhem for API comes with a GitHub Action and a GitHub App to help you check every change to your API for reliability and security issues.

Mayhem can run on the cloud, but, when you're testing critical/sensitive/confidential code, you can make it more difficult for malicious actors to access Mayhem's findings by deploying it on-prem.

If you are using Circle CI for your build pipelines, you can now scan your APIs for security vulnerabilities by adding Mayhem's official orb.

Try API fuzzing with the Swagger Petstore API, a stand-alone REST API server that implements the OpenAPI 3 Specification. Learn how to fuzz the Pestore API!