SAST – All About Static Application Security Testing
Learn all about SAST - what it is, how it works, its strengths and weaknesses, how it can be improved and what to look for in SAST tools.
Choose Your Type
Choose Your Topic
Our Latest Content
npm Threat Report
What’s in the report? Learn how the most popular JavaScript package manager – npm – is being used by malicious actors to launch attacks, run botnets, and steal credentials and crypto. Why should you care about malicious npm activity? JavaScript is the most commonly used programming language globally, and 68% of developers depend upon it...
A Malicious Package Found Stealing AWS AIM data on npm has Similarities To Capital One Hack
Mend Diffend detects the new release of a package called @maui-mf/app-auth that used a vector of attack similar to the server side request forgery (SSRF) attack against Capital One in 2019
CVE-2021-44142: Vulnerability in Samba Enables Bad Actors to Execute Arbitrary Code as Root
Key information about a severe flaw (CVE-2021-44142) in the popular freeware, Samba, which enables remote attackers the ability to execute arbitrary code with the highest privileges on affected installations. Discover how it works and how Mend thwarts it.
How to Fix NPM Vulnerabilities Quickly and Painlessly
Join us to learn about typical time frames for NPM vulnerability detection and how to find the quickest and least painful path to remediation.
CVE-2021-4034: A Walkthrough of Pwnkit – the Latest Linux Privileges Escalation Vulnerability
What you should know about an improper implementation of the pkexec tool in polkit, an out-of-bounds memory access that can be leveraged by a local attacker to escalate their privileges to the system root. Discover how the exploit works and how Mend thwarts it.
DevSecOps in an Agile Environment
There is a misconception that DevSecOps slows things down and that Agile results in bad software. Here is how they can co-exist with one another.
Log4J: Tales from The Trenches: The State of Log4J Remediation
The announcement of Log4j vulnerability sent security and development teams into a tailspin — not once, but multiple times. Throughout it all, WhiteSource has been providing tools for discovery and automated remediation, and working closely with our customers. Join our experts to learn what has been going on, such as: What percentage of organizations were...
CISA Says: Generate and Audit a Software Bill of Materials (SBOM) to prepare for the next Log4j
Following the threats posed by the Log4j vulnerability, Learn how to follow CISA’s advice and produce and audit a software bill of materials (SBOM). Understand the benefits of SBOMs to the supply chain. Discover best practices for generating SBOMs.
Best Practices for Dealing With Log4j
Mend Chief Scientist's top tips to thwart the risks from Log4j and reinforce your cybersecurity
Gartner® Report – What to Do About Log4j?
Cybersecurity experts say that the Log4j vulnerability is perhaps the most severe flaw of its type in decades. If not addressed, it could detrimentally affect millions of pieces of software in some of the world’s largest organizations, and hundreds of millions of devices globally. What can security and application developers do to identify and mitigate...
CVE-2021-44832: A New Medium Severity Vulnerability Was Found in Log4j
What you need to know about the Log4j vulnerability CVE-2021-44832, and how to remediate it.