By Valentin Sajia on Unsplash

DevSecOps and Shift Left are often used in the same sentence. But the difference between the two is not always clear. So in this article, I will introduce both topics and talk about their connection.

⬅️ Shift Left

In my previous article, I wrote about the core concepts of mutation testing. In this post, I will show you how the mutation testing theory can be applied in practice using the mutation testing tool Vertigo.

Photo by Bit Cloud on Unsplash


To start with mutation testing, we need to do three things:

  • Install Truffle and Ganache
  • Install Vertigo
  • Get a project to test

Install Truffle and Ganache by executing the following commands:

$ npm install -g truffle
$ npm install -g ganache-cli

Then install Vertigo by executing the following command:

$ pip3 install eth_vertigo

With that out of the way, the only thing left to do…

Recently I released a mutation testing tool for smart contracts on GitHub called Vertigo.

In this series of blog posts, I hope to do the following things:

  • Show you how powerful Mutation Testing is
  • Explain how you can use mutation testing in your SDLC
  • Demonstrate how you can use Vertigo on some example projects

Vertigo is accompanied by a research paper that was presented at CBT’19.

by Yves Alarie

Why Mutation Testing?

In this first post, we will review the concepts, and more importantly, the motivation behind mutation testing.

There is no shortage of stories on the security incidents that have occurred with smart contract systems…

Mythril is a cool symbolic execution tool that comes pre-loaded with several detection modules that check for bugs like integer overflows and reentrancy vulnerabilities. I’m one of the core team members of the MythX platform team, maintaining, improving, and building Mythril.

One of the main design goals in Mythril is to make the interaction with the analysis tool simple and effortless. In other words, you don’t have to get a PhD in computer science in order to start using and benefiting from formal methods like symbolic analysis.

Joran Honig

Security Engineer & Researcher at MythX — ConsenSys
