Securing Open Source Software Hackathon

UC Santa Cruz, Jack Baskin Auditorium 101
April 22nd, 2023 | 11:30am - 6pm PST

Registration is now closed.  Thank you for your interest, and join us on Discord to learn about upcoming events.

At ForAllSecure, we’re on a mission to secure open source software by finding and fixing defects before hackers can exploit them. We’re coming to UCSC and looking for heroes to join our cause. Spend a Saturday afternoon with us and push your computing skills into the real world.

At minimum, lunch is on us. We'll teach you how to do a fuzz test with Mayhem, and after you fill out a short survey we'll pay you $100.  Students who successfully integrate Mayhem into an open source project can be eligible for up to $1,000.

What you will learn:

  • Fundamental DevSecOps concepts and best practices
  • Using Docker and GitHub Actions as part of your development process
  • Testing applications for defects with Mayhem

Questions or comments? Contact [email protected]

By the end of this course, you will learn how to:

  1. Understand the science behind Mayhem, specifically:
    1. Understanding dynamic analysis, its importance in software security and how it compares to static analysis.
    2. Defining fuzzing and how Mayhem uses fuzzing to generate inputs to find defects and test a program.
    3. Defining what code coverage is, and why it is measured.
    4. Learning about symbolic execution, a powerful dynamic program analysis technique rooted in formal program analysis.
    5. Formulating how Mayhem combines these techniques for an efficient and user-friendly approach to dynamic analysis.
  2. Run Mayhem on executable (aka “binary”) programs, specifically:
    1. Understand the Mayhem workflow and UI
    2. Package up applications for Mayhem analysis
    3. Run continuous testing on new revisions of software
    4. Identify code that is Mayhem-compatible
    5. Focus Mayhem on specific code regions of interest.

This course has a strong lab component, where participants will interact with Mayhem. Answers for each section will be provided with explanations and references so that users may walk through the labs at home without instructor assistance.

"Mayhem allows our engineers to easily get started with fuzz testing and find software flaws without knowing much about fuzzing. The learning curve of new tools can be steep, and Mayhem made it as frictionless as possible for our engineers to start finding bugs and gain more assurance in our software."

Evan Johnson, Head of Product Security at Cloudflare

“Mayhem’s fuzzing tech is unlike any platform I’ve worked with before -- in the best ways possible. Through their native symbolic execution engine in conjunction with their fuzzers, we can feed native binaries that run at our edge and perform behavior analysis at scale.”

David Haynes, Security Engineer at Cloudflare

"Integrating Mayhem into our development process was a breeze, only taking a few minutes to configure and deploy. With great documentation and advanced features not normally found in other platforms, such as network target fuzzing, Mayhem allowed us to easily expand automated testing that would have taken significantly more effort with other solutions."

Alessandro Ghedini, Systems Engineer

Speakers Section

David Brumley
CEO and Co-founder
David co-founded ForAllSecure to automatically check and protect the world's software. ForAllSecure's products are based upon over 10 years of his research in program analysis.

Alex Rebert
Co-founder and Head of Innovation
Alex is a computer security researcher, specializing in automated program analysis and bug finding.

Thanassis Avgerinos
Co-founder and VP of Engineering
Thanassis is an expert in program analysis, testing, and software security with over a decade of operational and academic experience.

Jeff Whalen
VP of Product
Jeff brings more than a dozen years of product experience to ForAllSecure, where he serves as the Vice President of Product Management.