Risks Faced by Cloud-Native Apps and How to Assess Them
Cloud-native applications are at particular risk from vulnerabilities in their code. Discover why and how you should assess these risks in order to reinforce your security.
Choose Your Type
Choose Your Topic
Our Latest Content
A Busy Weekend for npm Attacks, Including ‘cors’ Typosquatting
Over the past three days, the Mend research team identified two separate attacks that published malicious packages to npm: reverse remote shell as part of typosquatting attack on the popular ‘cors’ package, and an ATO attack on the “Just Eat” organization.
DevSecOps Roundtable Discussion
Attacks on software supply chains have greatly accelerated the rate at which organizations are now embracing DevSecOps best practices to secure both legacy monolithic and emerging cloud-native applications. Adopting a DevSecOps approach can help maintain the speed of application development and deployment while ensuring the security and stability of applications. But the range of technologies...
Shift-Left Testing and Its Benefits
Learn what shift left testing means, how it can save you time and costs, and why you need to shift left your open source components’ management.
Announcing Mend SCA for Bitbucket Cloud Integration
Mend’s new integration with Bitbucket Cloud brings smart, automated risk reduction to DevOps teams with ultra-fast rollouts and 100 percent adoption rates.
Modern Application Security Needs More Than Tech. Don’t Neglect Governance
Learn why teams that pay attention to governance by using a CSIRP are more successful at combating the continued growth of cyberattacks.
Building a Modern AppSec Program: AWS-Mend Fireside Chat
Discover what a good AppSec program should look like and the best practices to implement it, according to Ori Bach, EVP of Product at Mend, and Harry Mower, Director, AWS CodeSuite.
Why Your DevOps Platform Needs a Security Partner to Safeguard Your Software
Discover why your DevOps platform should be complemented with a security solution, learn how to achieve this, and find out how Mend’s partnership with CloudBees delivers security that safeguards your code, software, and applications.
DevSecOps – All You Need To Know
Get to know all about DevSecOps and the main tools and practices that organizations should adopt in order to implement a DevSecOps pipeline.
Modern AppSec Programs Run on Automation
Learn why automation is a critical element of modern application security programs.
Top Three User Priorities for Software Composition Analysis
On the PeerSpot technology review site, reviews from Mend SCA users highlighted the three top priorities that SCA users generally want: ease of use, risk mitigation, and a strong feature set and integration capabilities.
Advisory: New OpenSSL Critical Security Vulnerability
What we know about the new OpenSSL critical security vulnerability.
Software Security Challenges & Opportunities in Banking
The banking industry lives and dies by being fast, accurate, and completely dependable. It’s critical that you can detect, identify, and remediate software vulnerabilities as fast as possible, to reinforce application security most effectively. This is particularly vital with open source software that is increasingly prevalent in your sector, where its use continues to grow...
It’s Cybersecurity Awareness Month–So Let’s Talk Automation and Home Security
For Cybersecurity Awareness Month, we take a closer look at using automation to improve AppSec, as well as how to safeguard the devices you use at home.
Modern AppSec Moves Beyond Shift Left to Shift Smart
To adopt the second principle of modern application security programs, IT teams must move beyond shift left to and learn how to shift smart.
Meticulous Prep and Planning–A Linchpin of Modern AppSec Programs
Explaining the first principle of modern application security programs: meticulous prep and planning.
To use rest_client, or to use rest-client, that is the question
Mend Research uncovered an unusual attack in RubyGems that exploited a previously existing package with a significant number of downloads to launch a typosquatting attack.
Vulnerability Research: Here’s How it Works at Mend
In honor of Cybersecurity Awareness Month, Mend Research Team Lead Daniel Elkabes shares a snapshot of how the Mend research team approaches vulnerability research.
Must-Know Facts About Evil-Colon Attacks
Discover what Evil-Colon attacks are, the kind of damage they can do, and what measures you can take to protect your code from them.
Why Building a Modern AppSec Program is Vital for Digital Business
Learn why building a modern AppSec strategy that can support demanding development cycles while also ensuring application security is increasingly essential.
Six Golden Rules for Software and Application Security
To mark Cybersecurity Awareness Month, this primer helps simplify the complex subject of application security
Are You CODEfident?
We’ve been watching the global transition to an app-driven world for some time now, as companies develop and deploy innovative software at warp speed. And we’ve also watched application security teams struggle to keep up. Many try to use yesterday’s tools for today’s AppSec reality, while others wrestle with immature application security programs. And that’s...
Cybercriminals targeted users of packages with a total of 1.5 billion weekly downloads on npm
Another week, another supply chain incident. It’s been only nine days since the Mend research team detected the dYdX incident, and today we have detected another supply chain malicious campaign.
Building a Modern Application Security Strategy for an App-Run World
As a foundational element of the online world, applications are a top target for threat actors. However, traditional application security (AppSec) strategies often prove ineffective. To adapt and defend against our constantly evolving threat landscape, organizations need to build a modern AppSec strategy based on today’s digital world. Join Jeffrey Martin, VP of Outbound Product...
Popular Cryptocurrency Exchange dYdX Has Had Its NPM Account Hacked
San Francisco-based dYdX, a widely used decentralized crypto exchange with roughly $1 billion in daily trades, has had its NPM account hacked in a software supply chain attack detected by Mend Supply Chain Defender
How Manufacturing Companies can Safeguard Software and Assure Robust Quality and Compliance
Software and application security and compliance can have an impact on traditional manufacturing businesses, especially those working at scale. Learn why, and how Mend has helped the manufacturer, Kärcher, meet these challenges.
Why Cybersecurity Must Mend Its Ways To Thwart Modern Threats
Rami Sass, CEO of Mend, sets out his vision in Forbes, on what enterprises should do to safeguard themselves against cybercriminals and cyberattacks.
Mining Malware History for Clues on Malicious Package Innovation
By comparing current malicious package trends with malware’s evolution over the past 20 years, we can predict a likely future direction for malicious packages.
Mend API Helps Make SBOMs Simple
Discover how Mend has accelerated and automated the production of SBOMs with an API
Today’s Security Tidbit: An Encrypted JSON File Containing Malicious Code
The Mend research team analyzes a malicious package in which the harmful code is not only in a JSON file, but is also fully encrypted.
How attackers leverage example apps/reproduction scripts to attack OSS maintainers
Discover how attackers can leverage example apps/reproduction scripts to attack OSS maintainers, why this is such a serious threat, and how to stop them
How to Conquer Remote Code Execution (RCE) in npm
Discover why npm is susceptible to RCE, why it’s such a serious threat, the characteristics of RCE in npm, what should be done to stop it, and how Mend Supply Chain Defender achieves this.
A Brief Guide to Cloud-Native Applications, Technology, and Security
Understand cloud native applications, the technology behind them, and their and security - why it’s important and how it relates to safeguarding cloud native applications
Single Author Uploaded 168 Packages to npm as Part of a Massive Dependency Confusion Attack
Mend Supply Chain Defender reported and blocked a massive dependency confusion attack involving a single author uploading 168 packages to npm.
3 New GitHub Features to Reinforce Your Code, Repo, and Dependency Security
Discover three great new GitHub features to strengthen your security and learn why dependency security is vital to safeguarding your code and data.
From WhiteSource to Mend—A Rebrand Journey
When it comes to rebranding, it’s not about the destination, it’s about the journey How important is a company name, really? Turns out that it is pretty important, especially if the name you currently have does not represent what the company has become, or where it is going. Our name is what defines the vision,...