Spring4Shell Zero-Day Vulnerability: Information and Remediation for CVE-2022-22965
CVE-2022-22965, a zero-day RCE vulnerability known as Spring4Shell, has been found in the popular Spring framework for Java apps.
Read about application security, DevSecOps, license compliance, supply chain security, and malicious packages.
CVE-2022-22965, a zero-day RCE vulnerability known as Spring4Shell, has been found in the popular Spring framework for Java apps.
Learn how to set a benchmark of false positives with SAST tools. Know how to measure the success of SAST tools. Understand how Mend SAST Helps.
Discover the top Static Application Security Testing (SAST) solutions, their key features, and what makes a great SAST tool.
Understand the types of Ruby supply chain attacks. Learn the best practices for preventing supply chain security risks in your Ruby projects.
Historically, if organizations wanted to automate and enforce application security testing, the best place to do that was within CI/CD pipelines. As time went on, we realized that while pipeline scanning has its place in securing applications, it doesn’t scale as more and more plugins are needed and with that, the task of managing them...
Learn how to implement a software supply chain risk management strategy in your enterprise. Discover risk management best practices, benefits, and more.
Both SAST and SCA tools address software vulnerabilities, while SCA covers open source code and SAST covers proprietary. Here are 7 main differences between these two.
Mend Static Application Security Testing (SAST) technology is the first to automatically remediate security vulnerabilities as well as identify them. CEO Rami Sass explains why and how Mend launched this SAST solution, and the value it brings.
What’s in the report? Learn how the most popular JavaScript package manager – npm – is being used by malicious actors to launch attacks, run botnets, and steal credentials and crypto. Why should you care about malicious npm activity? JavaScript is the most commonly used programming language globally, and 68% of developers depend upon it...
Mend Supply Chain Defender detects the new release of a package called @maui-mf/app-auth that used a vector of attack similar to the server side request forgery (SSRF) attack against Capital One in 2019
Join us to learn about typical time frames for NPM vulnerability detection and how to find the quickest and least painful path to remediation.
What you should know about an improper implementation of the pkexec tool in polkit, an out-of-bounds memory access that can be leveraged by a local attacker to escalate their privileges to the system root. Discover how the exploit works and how Mend thwarts it.
There is a misconception that DevSecOps slows things down and that Agile results in bad software. Here is how they can co-exist with one another.
The announcement of Log4j vulnerability sent security and development teams into a tailspin — not once, but multiple times. Throughout it all, WhiteSource has been providing tools for discovery and automated remediation, and working closely with our customers. Join our experts to learn what has been going on, such as: What percentage of organizations were...
Mend Chief Scientist's top tips to thwart the risks from Log4j and reinforce your cybersecurity
What you need to know about the Log4j vulnerability CVE-2021-44832, and how to remediate it.
Automated Log4j Remediation Rules Now Available for Mend Renovate and Remediate.
The Log4Shell vulnerability can also impact ruby and other non-java applications. Here’s what you need to know.
When the zero-day vulnerability in Log4j was reported, most organizations immediately sprung into action. But anyone who’s dealt with a vulnerability this critical and ubiquitous in an enterprise organization knows it’s not an easy task. Even with the right tools and policies, mitigating this type of threat is always a challenge. In this webinar, our...
What you need to know about Log4j Vulnerability CVE-2021-45105, and how to remediate it.
What you need to know about Log4j Vulnerability CVE-2021-45046, and how to remediate it.
When you ask developers their thoughts on security, they’ll likely tell you security is slowing them down and getting in the way of their ‘actual’ job. But it doesn’t have to be that way; with the right tools and processes in place, the friction between developers and security teams can be reduced, if not eliminated...
Why vulnerability management metrics are important, and how to choose the right metrics to keep your organization’s applications and assets secure.
Learn more about what Infrastructure as code (IaC) is, its benefits, and best practices for how to use this technology securely.
What are the ingredients that go into our software supply chain? Understanding why we need SBOMs.
Learn about the benefits and challenges of reporting-centric SBOMs vs. remediation-centric SBOMs.
Keep your vulnerability management plan up-to-date. Address today’s threat landscape with advanced vulnerability detection, prioritization, and remediation.
Every piece of code, module, or package has an element of risk associated with it. Learn how to evaluate and treat that risk to reduce the likelihood of failure.
A popular npm package with more than 7 million weekly downloads was compromised, bringing supply chain security into the headlines once again.
The usual methods of securing your apps are no longer enough. Here is why you need to implement zero trust in DevSecOps
Over the past years, attacks on the application layer have become more and more common. Recent research reports on reducing enterprise AppSec risks have found that the highest level of security risk is considered by many to be in the application layer. Applications remain a top cause of external breaches, and the prevalence of open...
Learn how to transform your team from DevOps to DevSecOps smoothly and successfully. Understand the benefits of making the transition to DevSecOps.
How Mend Cure’s automated remediation technology helps developers get ahead of security issues without slowing down development.
Learn how Zero Trust model can boost your software supply chain security.
We break down the basics of what you need to know about the OWASP Top 10 Vulnerabilities List 2021 & how to use it the right way to support your dev team.
As organizations AppSec tools and practices shift left in the DevOps pipeline, development teams are required to assume responsibility for security tasks. While this is an important step toward achieving DevSecOps maturity, integrating application security testing tools risks burying developers under a seemingly never-ending list of security alerts. How can organizations make sure that development...