Mayhem by ForAllSecure

Mayhem Application Security

Mayhem was purpose-built to cut through the noise of traditional application security. Combining techniques used by attackers with generative AI, Mayhem tries to break your applications thousands of times every minute so you can find and fix the risks that matter most.
Company Info: mayhem4api.forallsecure.com
Launched in 2021
Free Options
Launch tags: Productivity, Developer Tools
Launch Team: Alex Rebert, David Brumley
Alex Rebert (Maker, Mayhem by ForAllSecure)

Hi! Co-founder here. Over the past year we’ve been developing a new fuzzer for web JSON APIs. Today, we're launching a free plan with up to 50 free scans per month so that solo devs and small teams, which don't often have a ton of budget, can test their APIs.

To give a bit of background, a fuzzer generates random inputs and sends them to the application being tested. The fuzzer monitors the application to detect crashes. Fuzzing has been super helpful at finding bugs and security vulnerabilities, especially in memory-unsafe code. libFuzzer and syzkaller are two projects that are good examples of what fuzzing can do.

We've been applying some of those fuzzing concepts to web APIs. We start from a specification (OpenAPI, Swagger, Postman, or even a HAR file) as a loose grammar to generate an infinite stream of requests that we send to the API being tested. The fuzzer uses API responses to generate better requests, and to detect bugs and security vulnerabilities. This is a DAST, for those familiar with that terminology. Mayhem for API has been really good at finding internal server errors and API crashes. And we've been adding more and more security checks (SQL injection, command injection, auth bypass, SSRF, path traversal).

We’ve been developing the fuzzer from scratch using Rust. Our experience with Rust has been phenomenal, and we can't recommend it enough. Rust has enabled us to move quickly & fearlessly. It makes it a lot easier to build fault-tolerant systems compared to previous systems I've built in dynamic languages, thanks to the strong typing & explicit errors in return types. Happy to chat about using Rust if you have any questions!

Our product is still pretty early, and we're actively working on making it better. Our goal is to help automate some of the API non-functional and security testing as part of CI, since we know it's hard for testing to keep up with the speed of development.

I would love to hear what y'all think, and if this fuzzer could help you in any way!
4yr ago