SAST – All About Static Application Security Testing
Learn all about SAST - what it is, how it works, its strengths and weaknesses, how it can be improved and what to look for in SAST tools.
Read about application security, DevSecOps, open source license compliance and audit
What’s in the report? Learn how the most popular JavaScript package manager – npm – is being used by malicious actors to launch attacks, run botnets, and steal credentials and crypto. Why should you care about malicious npm activity? JavaScript is the most commonly used programming language globally, and 68% of developers depend upon it...
Mend Diffend detects the new release of a package called @maui-mf/app-auth that used an attack vector similar to the server-side request forgery (SSRF) attack against Capital One in 2019.
Key information about a severe flaw (CVE-2021-44142) in the popular freeware, Samba, which enables remote attackers to execute arbitrary code with the highest privileges on affected installations. Discover how it works and how Mend thwarts it.
Join us to learn about typical time frames for NPM vulnerability detection and how to find the quickest and least painful path to remediation.
What you should know about an improper implementation of the pkexec tool in polkit, an out-of-bounds memory access that can be leveraged by a local attacker to escalate their privileges to the system root. Discover how the exploit works and how Mend thwarts it.
There is a misconception that DevSecOps slows things down and that Agile results in bad software. Here is how they can co-exist with one another.
The announcement of the Log4j vulnerability sent security and development teams into a tailspin — not once, but multiple times. Throughout it all, WhiteSource has been providing tools for discovery and automated remediation, and working closely with our customers. Join our experts to learn what has been going on, such as: What percentage of organizations were...
Following the threats posed by the Log4j vulnerability, learn how to follow CISA’s advice and produce and audit a software bill of materials (SBOM). Understand the benefits of SBOMs to the supply chain. Discover best practices for generating SBOMs.
Mend Chief Scientist's top tips to thwart the risks from Log4j and reinforce your cybersecurity.
Cybersecurity experts say that the Log4j vulnerability is perhaps the most severe flaw of its type in decades. If not addressed, it could detrimentally affect millions of pieces of software in some of the world’s largest organizations, and hundreds of millions of devices globally. What can security and application developers do to identify and mitigate...
What you need to know about the Log4j vulnerability CVE-2021-44832, and how to remediate it.