Security | Threat Detection | Cyberattacks | DevSecOps | Compliance


Ensuring PCI DSS 4.0 Compliance with Feroot: A Deep Dive into Requirement 6.4.3

The Payment Card Industry Data Security Standard (PCI DSS) 4.0, issued a comprehensive set of requirements, to safeguard online payment systems against breaches and theft of cardholder data. Requirement 6.4.3 is one of the critical components for businesses that take online payment and focuses on the management and integrity of scripts on webpages that take payment card (i.e.m credit card) payments.

6 Security Risks to Consider with WebAssembly

Programs and apps are a manifestation of ideas in a digital format. If you can dream it in other languages, WebAssembly can deliver it to the browser. From games ported from Unity to PDF editing on the web and leveraging interactive data from Jupyter and Rust, WebAssembly’s use cases are countless. WebAssembly (Wasm) is gaining traction to deliver high-performance client-side code that often cannot be created or executed by JavaScript, at least not in a performant way.

Securing JavaScript: Best Practices and Common Vulnerabilities

JavaScript is the most commonly-used programing language, according to the most recent StackOverflow developer survey. While JavaScript offers great flexibility and ease of use, it also introduces security risks that can be exploited by attackers. In this blog, we will explore vulnerabilities in JavaScript, best practices to secure your code, and tools to prevent attacks.

How to secure JavaScript applications right from the CLI

According to Snyk's 2022 State of Open Source Security report, the average JavaScript project has 49 vulnerabilities, including common ones like unsafe dependencies, cross-site scripting (XSS), weak input validation, and cross-site request forgery (CSRF). And given JavaScript's widespread use, robust security measures are increasingly important to safeguard your applications from cyberattacks.

Patient Privacy: Preventing Data Leakage in Healthcare

The healthcare industry has rapidly embraced digital technologies to enhance patient care, streamline operations, and improve communication. However, this digital transformation brings with it a significant challenge: protecting patient data. One often overlooked risk comes from tracking pixels, which can lead to (accidental) data leakage and privacy breaches.

PCI DSS 4.0 Compliance: A Guide to Requirements 6 & 11

In the ever-evolving landscape of cybersecurity, staying ahead of threats and ensuring the safety of sensitive customer data is paramount. For organizations that handle payment card information, complying with industry standards like PCI DSS (Payment Card Industry Data Security Standard) is not only a best practice, but a compliance requirement that can result in hefty fines upwards of $100,000 a month.

Node.js vs. Deno vs. Bun: JavaScript runtime comparison

JavaScript runtimes help you build advanced, server-driven JavaScript projects that aren't dependent on the user's browser to run. There are several choices of runtimes available, with the supremacy of the old stalwart Node.js being challenged by Deno and Bun. Deno is the latest project produced by the same developer who originally created Node.js, Ryan Dahl, back in 2009.

Mitigating DOM clobbering attacks in JavaScript

The Document Object Model (DOM) acts as an interface between HTML and JavaScript, bridging the gap between static content and dynamic interactivity. This function makes the DOM indispensable for modern web developers. However, the DOM has a pitfall — DOM clobbering. DOM clobbering occurs when HTML elements conflict with global JavaScript variables or functions, which can lead to unexpected behavior and a potential security loophole in your web application.

How to generate an SBOM for JavaScript and Node.js applications

SBOM is the acronym for Software Bill of Materials, which is a list of all the open source npm packages that are part of your project. But it’s not only limited to open source or software packages, and can include operating system libraries, microservices inventory and more.