ForAllSecure Blog

New Reporting Dashboard in Mayhem

Chelsea Mastilak
·
November 11, 2020

Today we are announcing new reporting dashboards for our flagship product, Mayhem. Historically, application security testing solutions have struggled to show what the time, resources, and effort spent on improving application security actually produced. The new reporting capabilities let security professionals communicate meaningful metrics on the business risk posed by testing gaps across an organization's application portfolio.

The latest iterations of the Mayhem dashboards aim to quickly and visually communicate an organization's progress in delivering safe, secure, robust applications. “We wanted our users to be able to access the critical information they need to make intelligent decisions. It starts with giving them an intuitive top level view that draws them to relevant and engaging results they can dig into. We wanted that workflow to be as efficient as possible and those goals powered our designs,” says Sabah Rahman, Lead UX Designer at ForAllSecure.

Jeff Whalen, VP of Product, calls out two dashboards in particular: the panoramic and individual test run dashboards. “The application security process is complex as there are multiple users involved throughout the vulnerability management process. We’ve spent considerable time assessing the proper balance and prioritization of data that will speak to the various users involved -- ranging from security to development to operations.”

The new management dashboard was designed by one of ForAllSecure's engineers, Julia Valenti, while the individual test run dashboards were designed by Sabah.

New Management Dashboard Capabilities Include:

Results Summary

Reporting isn’t about throwing up as many statistics as you can fit on a page. The Results Summary provides a human-readable status of what changed over a selected time period. The summary helps users decide whether they need to dig deeper or whether things are progressing as expected.


Defects Found by Type

Ultimately, users run Mayhem to uncover the defects that cause the behaviors seen in crashing test cases. The Defects Summary shows all the defects uncovered by test runs, separated by type. Teams can quickly see if one defect type stands head and shoulders above the rest, which provides not only reactive information about what to fix, but proactive information about what to watch out for to prevent future defects of the same kind.


Top Projects and Targets

The applications your teams focus on can change from week to week. With the Top Projects and Targets data, you can quickly see which projects are getting the most fuzzing attention and double-check that a particular project is getting the testing time it needs.


New Individual Run Dashboard Capabilities Include:

Code Coverage

Code coverage for dynamic application security testing (DAST) runs is a frequently requested feature, but most DAST solutions cannot provide it because they have no insight into the target’s code. Although it is a DAST solution, Mayhem reports test coverage at both the line level and the function level. Development and security teams use this information to track and measure what their current tests actually reach, and to make informed decisions about where to focus the next test iteration.


Regression Testing

Mayhem reports the historical progress of an application’s security risk posture across runs through regression testing. On each new run, Mayhem automatically replays all previously generated test cases against the latest build and reports whether any previously crashing test case now passes (the defect has been remediated) or any previously passing test case now crashes (a defect has been introduced in new code). Google, a leader in the adoption of fuzz testing, has shared that 40% of the bugs found in Chrome are regressions. With regression test reporting, users can verify which defects are new, which were addressed, and which remain unaddressed.
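The replay-and-diff step described above, as an added example that is not Mayhem's own code: a small harness that feeds every stored test case to the target on stdin, decides whether the process crashed by checking for a signal-terminated exit, and diffs the outcome against the previous run's record to label each case as new, fixed, unaddressed, or ok. The corpus, the previous-run record, and the target (a Python one-liner that aborts on the byte sequence `crash`) are all constructed stand-ins so the script runs offline; the crash check assumes a POSIX host, where a process killed by a signal reports a negative return code.

```python
"""Replay a stored test-case corpus against a new build and diff the results.

Added example, not ForAllSecure/Mayhem code. The corpus, the previous-run
record and the target command are constructed for illustration.
"""
import subprocess
import sys
from typing import Dict, List

# Outcome labels for one test case in one run.
PASS, CRASH, HANG = "pass", "crash", "hang"

# Constructed corpus: test-case name -> input bytes fed to the target on stdin.
CORPUS: Dict[str, bytes] = {
    "tc-0001": b"hello",
    "tc-0002": b"please crash now",
    "tc-0003": b"crash",
    "tc-0004": b"\x00\xff\x10 benign binary",
}

# Constructed record of the previous run against the previous build.
PREVIOUS_RESULTS: Dict[str, str] = {
    "tc-0001": PASS,
    "tc-0002": CRASH,  # crashed last time
    "tc-0003": PASS,   # passed last time; crashes against the new target below
    "tc-0004": PASS,
}

# Stand-in target: reads stdin and aborts (SIGABRT) if it contains b"crash".
# A real harness would point this at the built binary under test.
TARGET_CMD: List[str] = [
    sys.executable, "-c",
    "import os,sys; d=sys.stdin.buffer.read(); os.abort() if b'crash' in d else None",
]


def run_case(cmd: List[str], data: bytes, timeout: float = 5.0) -> str:
    """Run one test case and classify the outcome by how the process ended."""
    try:
        proc = subprocess.run(cmd, input=data, capture_output=True, timeout=timeout)
    except subprocess.TimeoutExpired:
        return HANG
    # On POSIX a process terminated by a signal (SIGSEGV, SIGABRT, ...) reports
    # -signum as its return code; a normal exit, even non-zero, is not a crash.
    return CRASH if proc.returncode < 0 else PASS


def run_corpus(cmd: List[str], corpus: Dict[str, bytes]) -> Dict[str, str]:
    """Replay every stored test case and record its outcome."""
    return {name: run_case(cmd, data) for name, data in corpus.items()}


def classify_regressions(previous: Dict[str, str], current: Dict[str, str]) -> Dict[str, str]:
    """Diff two runs: name -> 'new' | 'fixed' | 'unaddressed' | 'ok'."""
    report: Dict[str, str] = {}
    for name, now in current.items():
        before = previous.get(name, PASS)  # a case never seen before counts as previously passing
        failed_before, failed_now = before != PASS, now != PASS
        if failed_now and not failed_before:
            report[name] = "new"          # regression: previously passing case now fails
        elif failed_before and not failed_now:
            report[name] = "fixed"        # previously crashing case now passes
        elif failed_before and failed_now:
            report[name] = "unaddressed"  # still failing
        else:
            report[name] = "ok"
    return report


if __name__ == "__main__":
    current = run_corpus(TARGET_CMD, CORPUS)
    for name, label in sorted(classify_regressions(PREVIOUS_RESULTS, current).items()):
        print(f"{name}: {PREVIOUS_RESULTS.get(name, PASS)} -> {current[name]}  [{label}]")
```

Against the constructed target, tc-0002 is reported as unaddressed, tc-0003 as a new regression, and the other two as ok. Note that a non-zero exit status is deliberately not treated as a crash: many targets exit non-zero on malformed input by design, and counting those as defects would bury the real memory-safety failures.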


Defects View

One of the best features of a fuzzer is that it automatically exercises your application and generates concrete test cases, both for inputs that behave as expected and for inputs that crash it. However, what developers need to know about in order to remediate are the underlying defects, not the individual crashing inputs. The new run dashboard gives users a defect-centric view of their runs so they can focus on the root causes of crashes and speed up remediation.


ForAllSecure is committed to helping customers maintain the productivity of their developers and security professionals by introducing automated security testing. Mayhem continues to expand its capabilities so that it can run quietly in the background as part of CI/CD pipelines.

If you are not a current ForAllSecure customer, we’d love to talk to you about these reporting capabilities and how they deliver meaningful data on your organization’s security and business risk posture. Schedule a demo to learn more about Mayhem and these new features.
