Mayhem by ForAllSecure

Additional Info

CompanyForAllSecure
Websitehttps://forallsecure.com
Company size (employees)50 to 99
Headquarters RegionNorth America

Overview

Mayhem is an autonomous application security platform for fast-moving development teams. It generates and runs thousands of tests against code and APIs and learns from each result to continually increase coverage. Mayhem uncovers bugs and vulnerabilities across every layer of applications, and gives developers verified, reproducible results so they can fix issues faster and ship safer applications. Teams at Cloudflare, Roblox, and the Department of Defense rely on Mayhem to identify and fix issues at machine speed and global scale.

The technology behind Mayhem
Mayhem combines well known appsec techinques (like fuzz testing) with machine learning algorithms that create and execute thousands of tests every minute. These also continually prune duplicative tests and create additional inputs to expand API coverage. This combination of techniques helps quickly test APIs against real-world conditions and global scale to pinpoint issues before they arise.

How Mayhem Fits in the Development Lifecycle
Mayhem’s continuous, ML-driven testing runs against feature or main branches to constantly uncover new issues. A test case for each issue is delivered to developers, who then leverage these minified test suites to verify fixes earlier in the development process, typically upon commits to working branches.

How we are different

- Mayhem performs exhaustive testing of APIs. While many API Security solutions are focused on configuration verification, or stop at the OWASP Top 10, Mayhem goes beyond this - performing thousands of tests that examine API responses to identify security issues - as well as performance and reliability concerns that could be exploited by third parties. This helps identify risks outside of known vulnerabilities or misconfigurations, allowing teams to harden and improve APIs before shipping them - instead of after an attack.
- Traditional web app / api security solutions have a high false positive rate - 45% on average (https://www.fastly.com/web-application-and-api-security-tipping-point). Mayhem delivers a copy/paste reproduction for every issue found, so developers can pinpoint the bug or vulnerability instead of wasting time sorting through false positives.
- With minimal (or no) initial input, Mayhem will generate and execute thousands of tests, and use each result to improve test coverage while also optimizing the overall test suite for performance. This vastly reduces the burden of testing for developers - who can bypass manual test creation and test suite maintenance. Developers thus have more time to fix issues, and deliver features.