Mayhem is a powerful Dynamic Security Testing framework that provides automated testing and analysis to find critical security bugs, thereby preventing potential exploitation by attackers. All software vulnerabilities that Mayhem finds have a corresponding test case and there are no false positives.
Integrating Mayhem into your DevOps or DevSecOps process can provide high levels of software assurance and help produce stable and secure software.
This training is offered free of charge to Federal employees and Federal contractors.
All attendees who complete both days of training and all lab exercises will receive a Certification of Completion of the Fuzzing Essentials course, issued by ForAllSecure.
- An understanding of Linux and the ability to use Linux. We assume all participants can use the command line to run programs, set environment variables, edit scripts, etc.
- Moderate C programming experience within Linux. Participants should be able to understand C source code, edit source code with either vim, emacs, or nano, and compile code in Linux.
- Background in binary analysis and vulnerability research is preferred but not required.
In this training course, you will learn how to use Mayhem, a tool for automatically checking software for critical security bugs with zero false positives.
Mayhem performs dynamic analysis, which means it runs the program to find bugs, vulnerabilities, and other issues we refer to as defects. Mayhem runs on the program binary executable, and not the source code, to ensure that all defects found are in the code that executes, not just the source code that was compiled.
Questions or comments? Contact [email protected]