ForAllSecure's API Fuzzer: Mayhem for API

Develop reliable APIs, faster.

Api Fuzzer

What is Mayhem for API?

Mayhem for API is an API Fuzzer that provides accurate and automated test coverage for APIs in your application portfolio. The API fuzzer was designed to be easy to use and configure, bringing the full might of fuzzing methodology to API testing without the roadblocks typically encountered.

How does it work?

Mayhem for API uses a fuzzing engine to automatically generate a comprehensive suite of inputs used to test function and robustness of an application’s API infrastructure. By using fuzzing techniques to generate inputs and observing the response from the application, the API fuzzer can quickly iterate through multitudes of test cases to find weakness in an API’s functionality or security.

As you'll see, setting up the fuzzer is a breeze: all you need to do is upload the API specification of the application to test, and a link to the target application that the fuzzer can reach to start testing. Currently, the API fuzzer provides a status of all the endpoints tested in the application, and a summary of the response codes observed with each input.

Next Steps

We have a lot planned in the future to improve and evolve Mayhem for API. We would like to thank you for joining us in the beginning of this exciting product and we look forward to learning from you and creating an indispensable part of your application development and testing practice.

Reach out!

We aim to provide a great experience. Please reach out to us on Discord or by emailing mayhem4api@forallsecure.com if you have any suggestions or run into any issues. We're more than happy to help!