Does Mayhem support both whitebox and blackbox pentests?

Hello! I’ve been looking at your tool. Can it help with both whitebox and blackbox pentests?

Aaron,

Yes, Mayhem for Code (mCode) supports both Blackbox testing and Whitebox testing. For blackbox testing, we can analyze a binary without source code using dynamic analysis. We also look to see how the binary was compiled and if the binary was compiled with hardened features like ASLR, FORTIFY_SOURCE, StackGuard, and DEP.

And, Mayhem has the intelligence to test multiple versions of the binary to determine if regressions occurred. From a whitebox standpoint, we look at crashes and vulnerabilities. We will provide the Common Weakness Enumeration (CWE) for the defects we find. We also provide a proof-of-defect test case that will allow you to reproduce the defect with the binary.

Jim
Federal Solutions Architect
ForAllSecure
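
The kind of compile-time hardening check mentioned in the answer above can be sketched for ELF binaries with a short parser. This is an added example, not Mayhem's code and not part of the original thread; the function names, the symbol-name heuristics for StackGuard and FORTIFY_SOURCE, and the two sample images are constructed assumptions.

```python
import re
import struct

ET_EXEC, ET_DYN = 2, 3
PT_GNU_STACK, PF_X = 0x6474E551, 0x1

def hardening_report(elf: bytes) -> dict:
    """Report hardening visible in a 64-bit little-endian ELF image."""
    if len(elf) < 64 or elf[:4] != b"\x7fELF" or elf[4] != 2 or elf[5] != 1:
        raise ValueError("expected a 64-bit little-endian ELF file")
    e_type = struct.unpack_from("<H", elf, 16)[0]
    e_phoff = struct.unpack_from("<Q", elf, 32)[0]
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 54)
    nx_stack = False  # no PT_GNU_STACK header: assume an executable stack
    for i in range(e_phnum):
        p_type, p_flags = struct.unpack_from("<II", elf, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_STACK:
            nx_stack = not (p_flags & PF_X)
    return {
        # ET_DYN marks a position-independent image, which ASLR can relocate.
        "pie": e_type == ET_DYN,
        "nx_stack": nx_stack,  # the ELF counterpart of DEP
        # Heuristic: look for the symbol names the compiler emits references to.
        "stack_canary": b"__stack_chk_fail\x00" in elf,
        "fortify_source": re.search(rb"__\w+_chk\x00", elf) is not None,
    }

def build_sample(e_type: int, stack_flags: int, symbols: bytes = b"") -> bytes:
    """Constructed input: ELF64 header, one PT_GNU_STACK header, raw symbol names."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    ehdr = ident + struct.pack("<HHIQQQIHHHHHH", e_type, 62, 1, 0, 64, 0, 0,
                               64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_GNU_STACK, stack_flags, 0, 0, 0, 0, 0, 16)
    return ehdr + phdr + symbols

HARDENED = build_sample(ET_DYN, 0x6, b"__stack_chk_fail\x00__memcpy_chk\x00")
WEAK = build_sample(ET_EXEC, 0x7)

if __name__ == "__main__":
    for name, image in (("hardened", HARDENED), ("weak", WEAK)):
        print(name, hardening_report(image))
```

ET_DYN also describes shared libraries, and the two symbol checks match names only, so treat the report as a first pass before a deeper review of the build flags.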