Why Building a Modern AppSec Program is Vital for Digital Business
Learn why building a modern AppSec strategy that can support demanding development cycles while also ensuring application security is increasingly essential.
Read about application security, DevSecOps, license compliance, and software supply chain security.
Learn why building a modern AppSec strategy that can support demanding development cycles while also ensuring application security is increasingly essential.
To mark Cybersecurity Awareness Month, this primer helps simplify the complex subject of application security
We’ve been watching the global transition to an app-driven world for some time now, as companies develop and deploy innovative software at warp speed. And we’ve also watched application security teams struggle to keep up. Many try to use yesterday’s tools for today’s AppSec reality, while others wrestle with immature application security programs. And that’s...
Another week, another supply chain incident. It’s been only nine days since the Mend research team detected the dYdX incident, and today we have detected another supply chain malicious campaign.
With a fresh example from Mend, discover how mentoring partnerships provide benefits that exceed individual growth by fostering a deeper understanding of how other parts of the organization work and how people can work better together.
Join Jeffrey Martin, VP of Outbound Product Management at Mend, and guest speaker Janet Worthington, Senior Analyst at Forrester as they discuss the state of application security today in a constantly changing environment.
San Francisco-based dYdX, a widely used decentralized crypto exchange with roughly $1 billion in daily trades, has had its NPM account hacked in a software supply chain attack detected by Mend Supply Chain Defender
It’s a common claim from many companies that their people are their most valuable asset. What’s less common, however, is the evidence to back this up. But at Mend, we have matched our commitment to our teams with learning and development opportunities to support the personal and professional growth of our Menders. As the company...
Software and application security and compliance can have an impact on traditional manufacturing businesses, especially those working at scale. Learn why, and how Mend has helped the manufacturer, Kärcher, meet these challenges.
Attend this webinar to learn more about how software composition analysis (SCA) works and how recent advances have made SCA easier than ever to use.
The White House and the Executive Office of the President of the U.S, issued a memorandum of guidelines to enhance the security of the software supply chain through secure software development practices. Discover what their key points are, why they've been introduced, and how they might shape the future of cybersecurity.
Daniel Elkabes, Mend’s vulnerability research team leader, sets out what he considers to be the four critical areas every cybersecurity leader should be investing in now to help set their team up for success.
In an interview with Michael Vizard from the Techstrong Group, Jeff Martin VP product for Mend, outlines his view on why security must now be an integral part of shipping software, how far security automation can currently go, and the importance of making security a vital part of developers’ education.
Automating AppSec could prove tremendously helpful, but many security teams are slow to trust automated tools. These three questions can help cybersecurity professionals embrace automation without increasing risk.
Rami Sass, CEO of Mend, sets out his vision in Forbes, on what enterprises should do to safeguard themselves against cybercriminals and cyberattacks.
Mend marks Women’s Equality Day by describing how the company meets the challenge of equality with its “Ready to Grow” program, and the success it has achieved so far in promoting equality in leadership and opportunities for women and others
By comparing current malicious package trends with malware’s evolution over the past 20 years, we can predict a likely future direction for malicious packages.
Discover how Mend has accelerated and automated the production of SBOMs with an API
The Mend research team analyzes a malicious package in which the harmful code is not only in a JSON file, but is also fully encrypted.
Discover how attackers can leverage example apps/reproduction scripts to attack OSS maintainers, why this is such a serious threat, and how to stop them
Discover why npm is susceptible to RCE, why it’s such a serious threat, the characteristics of RCE in npm, what should be done to stop it, and how Mend Supply Chain Defender achieves this.
Learn to differentiate between myths and facts in application testing with SAST security tools. Know how to adopt a successful SAST strategy.
Discover how you can use just one interface to find and fix open source and proprietary code security issues, and how to reduce the time it takes to fix issues, so no time is wasted researching.
Understand cloud native applications, the technology behind them, and their and security - why it’s important and how it relates to safeguarding cloud native applications
A recent attack flooded npm with crypto-mining packages that mine Monero when installed with default configuration.
In light of the Supreme Court decision in Dobbs versus Jackson Women’s Healthcare, which nullified the federal right to an abortion, we remain committed to protecting the rights of our employees. The health and well-being of our Mend team members are paramount to all that we do, and we do not take this news lightly. ...
In honor of Pride Month, two of our amazing employees share LGBTQ+ perspectives.
Discover the six steps to achieve zero trust in your application security and ensure that you can secure your application development quickly, early, and easily.
Mend Supply Chain Defender reported and blocked a massive dependency confusion attack involving a single author uploading 168 packages to npm.
Understand how software supply chains work in large enterprises, discover the most important elements of software supply chain management, and how Mend can address them.
...to focus on what they do best: code. The best practice for keeping your projects on GitHub secured is automating dependency management. The average Java library contains over 100 individual...
On June 6th, 2022, the Mend research team detected and flagged a malicious dependency confusion attack in npm exfiltrating Windows SAM and SYSTEM files.
After two years of virtual events, the Mend team was beyond excited to gather in San Francisco’s Moscone Center and connect with the tech community face to face. This year’s theme was ‘transformation,’ which couldn’t be more appropriate for us as we unveiled our new company name and integrated application security platform with automated remediation...
Learn about the importance of a cloud security architecture, the main risks you should consider when building it, and key principles to guide your work.
Mend announces integration of Supply Chain Defender (formerly Diffend) with JFrog Artifactory Plug-In.
Introducing the Mend Application Security Platform, which offers automated remediation for both open source and custom code.