Archive for ForAllSecure

ForAllSecure Announces First Dynamic Software Bill of Materials for Application Security 

Posted in Commentary with tags on October 4, 2023 by itnerd

ForAllSecure, the world’s most advanced application security testing company, today announced the debut of a runtime dynamic Software Bill of Materials (SBOM) solution for its Mayhem Security product. It shows organizations which components are actually present at runtime, prioritizes each of them in order of risk, and speeds remediation of open source and other third-party software vulnerabilities in code, saving organizations valuable remediation time and resources.

Mayhem now generates a runtime-aware SBOM of the components on the application attack surface and uses this intelligence to prioritize and filter results from Software Composition Analysis (SCA), Static Application Security Testing (SAST), and similar tools. This eliminates AppSec noise and overhead for developers, allowing them to focus on remediating real security issues.

Managing software supply chain risks is crucial in today’s security threat landscape. Open source software (OSS) saves developers time by letting them access, modify, and distribute prewritten source code. However, attackers can also target open source software for supply chain attacks. Incidents like SolarWinds and Kaseya used lower-level vulnerabilities to pivot into large organizations. Latent, unpatched vulnerabilities are common within popular OSS and can have significant consequences in today’s software-dependent world.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recommends that all software provide an inventory of open-source components and other code dependencies. 

Following ForAllSecure’s earlier release of estimated CVSS scores for each defect found during analysis, which help prioritize remediation, the new dynamic SBOM solution further validates and prioritizes the results provided by Mayhem.
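The runtime filtering and CVSS-based prioritization described in the two paragraphs above can be sketched in a few lines. This is an added illustration, not ForAllSecure’s or Mayhem’s code; the component names, versions, CVE identifiers and scores are constructed placeholders, and the runtime component set stands in for whatever loader or process trace a real tool would collect.

```python
"""Runtime-aware SBOM triage: keep the SCA findings whose component actually
loaded at runtime, flag version drift, and order everything by estimated CVSS.
All data below is constructed for illustration (hypothetical example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    component: str   # package name as it appears in the static SBOM
    version: str
    cve: str         # placeholder identifiers, not real advisories
    cvss: float      # estimated base score, 0.0 to 10.0


# Static view: what SCA reports from the manifest/lockfile (constructed).
STATIC_FINDINGS = [
    Finding("libfoo", "1.2.0", "CVE-0000-0001", 9.8),
    Finding("libbar", "3.4.1", "CVE-0000-0002", 7.5),
    Finding("libbaz", "0.9.0", "CVE-0000-0003", 5.3),
    Finding("libqux", "2.0.0", "CVE-0000-0004", 4.0),
]

# Runtime view: (name, version) pairs observed loaded while the app ran
# (constructed). Note libbar ran as 3.4.0, not the 3.4.1 the manifest claims.
RUNTIME_COMPONENTS = {("libfoo", "1.2.0"), ("libqux", "2.0.0"), ("libbar", "3.4.0")}


def triage(findings, runtime):
    """Split findings into three CVSS-descending lists:
    reachable: component and version both seen at runtime, act on these first;
    drift: same component but a different version ran, the static SBOM is stale;
    dormant: never loaded, deprioritize rather than treat as noise forever."""
    loaded = {}
    for name, version in runtime:
        loaded.setdefault(name, set()).add(version)
    reachable, drift, dormant = [], [], []
    for f in findings:
        versions = loaded.get(f.component)
        if versions is None:
            dormant.append(f)
        elif f.version in versions:
            reachable.append(f)
        else:
            drift.append(f)
    by_cvss = lambda f: -f.cvss  # highest score first
    return sorted(reachable, key=by_cvss), sorted(drift, key=by_cvss), sorted(dormant, key=by_cvss)


if __name__ == "__main__":
    for label, group in zip(("reachable", "drift", "dormant"), triage(STATIC_FINDINGS, RUNTIME_COMPONENTS)):
        print(label, [(f.component, f.cve, f.cvss) for f in group])
```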

To see Mayhem’s dynamic SBOM in action, request a demo at https://www.mayhem.security/contact.

New Hacker-Built AI-Powered Security Testing Automatically Identifies Software Defects Before Code Ships

Posted in Commentary with tags on June 15, 2023 by itnerd

ForAllSecure, a hacker organization focused on advancing cybersecurity through research and education, announced Mayhem, an application security platform that addresses not only present challenges but also those that lie ahead.

Mayhem by ForAllSecure revolutionizes security testing – built to deliver easy, comprehensive, actionable application security to developers worldwide. The Mayhem UI comprehensively shows results across application code and APIs.

Built by professional hackers, Mayhem automatically generates thousands of tests to identify defects in apps and APIs, finding critical software vulnerabilities before the code ships and covering organizations’ application, API, and code security.

You can read a blog post here: https://www.mayhem.security/blog/introducing-mayhem-security.

Their site is offering the option to download and use the free version of the product now at https://www.mayhem.security/.

And you can watch a video below: