How do I qualify my targets? Should I use Mayhem on everything?

Hello again. Any advice on how I should qualify my targets? Should I use Mayhem on everything or only on targets that are appropriate? How do I know which targets are good for Mayhem?


The short answer here is to run Mayhem on everything! The longer answer is to start with your application’s attack surfaces and the simplest targets first, incrementally adding more targets until Mayhem can fully test your application’s functionality.

In terms of target qualification, you need to identify the attack surfaces of your application first. For example, if you have a web server, it’s likely more important to analyze your application while it’s accepting requests on port 80 or port 443 because an attacker just needs to have network access to the server to exploit it if there’s a vulnerability.