Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

March 2022

mend

Spring4Shell Zero-Day Vulnerability: Information and Remediation for CVE-2022-22965

Mar 31, 2022 By Daniel Elkabes In Mend

Overview The internet is abuzz with the disclosure of CVE-2022-22965, an RCE vulnerability in Spring, one of the most popular open-source frameworks for Java applications in use today. Known as “Spring4Shell” or “SpringShell”, the zero-day vulnerability has triggered widespread concern about the possibility of a wave of malicious attacks targeting vulnerable applications. Is this Log4j 2.0?

Read Post
mend

How To Set A Benchmark Of False Positives With SAST Tools

Mar 24, 2022 By Alfrick Opidi In Mend

Many Static Application Security Testing (SAST) tools struggle with false positives. They often report that a vulnerability is present, while, in reality, it does not exist. This inaccuracy weighs down the engineering team, as they spend productive hours triaging the false alarms. By setting a benchmark of false positives — a limit, above which is unacceptable — you can establish a point of reference or standard against which to measure the efficacy of your SAST tool.

Read Post

WhiteSource SCA Administration - User Interface Walkthrough

Mar 22, 2022 By Mend In Mend
WhiteSource provides a simple yet powerful solution for companies to manage open source components in their application. WhiteSource is designed for security and software development teams, to give managers the control and visibility over the vulnerabilities in their app and developers to tools to quickly fix what matters. The following video is a brief overview the of user interface and some of the feature functionality within.
View Video
mend

Best SAST Tools: Top 7 Solutions Compared

Mar 17, 2022 By Adam Murray In Mend

Static application security testing (SAST) tools automatically scan the source code of an application. The goal is to identify vulnerabilities before deployment. SAST tools perform white-box testing, which involves analyzing the code based on inside knowledge of the application. SAST offers granularity in detecting vulnerabilities, providing an assessment down to the line of code.

Read Post
mend

How To Address SAST False Positives In Application Security Testing

Mar 10, 2022 By Alfrick Opidi In Mend

Static Application Security Testing (SAST) is an effective and well-established application security testing technology. It allows developers to create high-quality and secure software that is resistant to the kinds of attacks that have grown more prevalent in recent years. However, the challenge with SAST is that it tends to produce a high number of false positives that waste the time of your engineering team. In this blog we take a look at SAST and the problem of false positives.

Read Post
mend

Best Practices For Managing Ruby Supply Chain Security Risks

Mar 3, 2022 By Alfrick Opidi In Mend

Software supply chain attacks are on the rise – the attacks increased by more than 600% between 2020 and 2021. On RubyGems, the official package repository for the Ruby programming language, attackers usually take advantage of the implicit trust developers have on the gems deployed on the platform and infect them with malicious code.

Read Post

Copyright © 2024 OpsMatters™. All rights reserved.