
Mend

Maturing your AppSec Program with Toby Jackson - Secrets of AppSec Champions Podcast

Join host Chris Lindsey as he digs into the world of Application Security with experts from leading enterprises. Each episode is theme based, so it's more conversational and topic based instead of the general interview style. Our focus is growing your knowledge and providing useful tips and advice. With Chris' development background of 35 years, 15+ years of secure coding and 3+ years running an application security program for a large enterprise, the conversations will be deep and provide a lot of good takeaways that you can use almost immediately.

Black Hat 2024: AI, AI, and Everything Else

I’m back from another Black Hat! It was great seeing everyone. I put out a message on LinkedIn for people to come find me and, boy, did they. The hallway conversations were so engaging, I was sometimes late getting to the official talks, but I’m getting ahead of myself. AI was everywhere, as we’d expect, but I also sat down to listen to experts on other topics like critical infrastructure, cyber insurance, and the root causes of cybersecurity failure.

Dude, Where's My Documentation?

This is a public service announcement: The not-so-simple act of securing applications produces a lot of documentation, including playbooks and policies, that isn't typically needed on a daily basis. But when a zero-day event occurs, such as the recent Crowdstrike incident, application security teams had better be able to find everything they need, and fast. Sadly, in both big and small companies, missing and outdated documentation is rampant.

Your First 90 Days in a New AppSec Role with Anthony Israel-Davis - Secrets of AppSec Champions


Next-Gen Vulnerability Assessment: AWS Bedrock Claude in CVE Data Classification

Large language models are fascinating tools for cybersecurity. They can analyze large quantities of text and are excellent for data extraction. One application is researching and analyzing vulnerability data, specifically Common Vulnerabilities and Exposures (CVE) information. As an application security company with roots in open source software vulnerability detection and remediation, the research team at Mend.io found this a particularly relevant area of exploration.
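As an added example of the kind of CVE classification the post describes (this is illustrative code written for this page, not Mend.io's research code), the block below builds a classification prompt from an NVD-style record, pulls the JSON object out of the model's reply, and validates it against a closed category vocabulary before anything is stored. The model call is injected as a callable so the logic runs offline; `bedrock_invoke` sketches the assumed boto3 call shape for the Anthropic Messages API on Bedrock, and the CVE record, model id and model replies are all constructed.

```python
"""Added example: prompt construction and strict validation for LLM-based
CVE classification.  Not Mend.io's code; the CVE record, the model replies
and the Bedrock model id are assumptions made for illustration."""
import json
import re
from typing import Callable

# Closed vocabulary: anything the model returns outside this set is rejected.
CATEGORIES = {
    "memory-safety", "injection", "auth-bypass", "path-traversal",
    "deserialization", "denial-of-service", "info-disclosure", "other",
}
CWE_RE = re.compile(r"^CWE-\d{1,5}$")

# Constructed, NVD-style record (placeholder id, not a real CVE).
SAMPLE_CVE = {
    "id": "CVE-XXXX-XXXXX",
    "description": "A crafted archive entry name allows writing files outside "
                   "the extraction directory in examplepkg before 2.3.1.",
}

def build_prompt(cve: dict) -> str:
    """Ask for strict JSON so the answer can be validated, not parsed loosely."""
    return (
        "Classify the vulnerability below. Reply with ONLY a JSON object with "
        "keys \"category\" (one of: " + ", ".join(sorted(CATEGORIES)) + "), "
        "\"cwe\" (like CWE-22) and \"rationale\" (one sentence).\n\n"
        f"CVE id: {cve['id']}\nDescription: {cve['description']}\n"
    )

def extract_json(text: str) -> dict:
    """Models often wrap JSON in prose or ``` fences; take the outermost object."""
    match = re.search(r"\{.*\}", text, re.DOTALL)
    if not match:
        raise ValueError("no JSON object in model output")
    return json.loads(match.group(0))

def validate(answer: dict) -> dict:
    """Enforce the schema: an unknown category or malformed CWE id is an error,
    so bad model output never silently enters a vulnerability database."""
    category = answer.get("category")
    cwe = answer.get("cwe")
    if category not in CATEGORIES:
        raise ValueError(f"unexpected category: {category!r}")
    if not isinstance(cwe, str) or not CWE_RE.match(cwe):
        raise ValueError(f"malformed CWE id: {cwe!r}")
    return {"category": category, "cwe": cwe,
            "rationale": str(answer.get("rationale", ""))}

def classify(cve: dict, invoke: Callable[[str], str]) -> dict:
    """invoke(prompt) -> raw model text.  Pass bedrock_invoke for real use."""
    return validate(extract_json(invoke(build_prompt(cve))))

def bedrock_invoke(prompt: str,
                   model_id: str = "anthropic.claude-3-haiku-20240307-v1:0") -> str:
    """Assumed boto3 call shape (Anthropic Messages API on Bedrock); not run here."""
    import boto3  # imported lazily so the rest of the example runs offline
    client = boto3.client("bedrock-runtime")
    body = {"anthropic_version": "bedrock-2023-05-31", "max_tokens": 300,
            "messages": [{"role": "user", "content": prompt}]}
    resp = client.invoke_model(modelId=model_id, body=json.dumps(body),
                               contentType="application/json",
                               accept="application/json")
    return json.loads(resp["body"].read())["content"][0]["text"]

# Constructed model replies: one well-formed but fenced, one off-vocabulary.
GOOD_REPLY = ('Here is the classification:\n```json\n{"category": "path-traversal", '
              '"cwe": "CWE-22", "rationale": "File written outside target directory."}\n```')
BAD_REPLY = '{"category": "zip-slip", "cwe": "22", "rationale": "..."}'

def demo_good() -> dict:
    return classify(SAMPLE_CVE, lambda _prompt: GOOD_REPLY)

def demo_bad() -> str:
    """Returns the validation error text instead of raising, for the demo."""
    try:
        classify(SAMPLE_CVE, lambda _prompt: BAD_REPLY)
    except ValueError as exc:
        return str(exc)
    return "accepted"

if __name__ == "__main__":
    print(demo_good())
    print(demo_bad())
```

The closed vocabulary and the CWE regex are the important part: a model that invents a category name ("zip-slip") or drops the "CWE-" prefix is rejected rather than quietly creating a new bucket in the data.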

A Guide to Open Source Software

Open source software (OSS) is software for which the original authors have granted express copyright and usage permissions to allow all users to access, view, and modify the source code of these programs however they see fit and without the need to pay royalties. This is in contrast to proprietary, closed source software, which typically requires a paid license and cannot be added to, modified, or distributed by anyone except the owner of the rights to the software.

SAST - All About Static Application Security Testing

Updated on 07/18/2024. Static Application Security Testing (SAST) has been a central part of application security efforts for more than 15 years. According to the Crowdstrike 2024 State of Application Security Report, eight out of the top 10 data breaches of 2023 were related to application attack surfaces, so it's safe to say that SAST will be in use for the foreseeable future.

Dependency Management: Protecting Your Code

Managing dependencies isn’t always easy, but it’s critical for protecting your code. In this guide, we’ll explore what dependencies are and how they can be checked for known vulnerabilities, compatibility, licensing requirements, and more. We’ll then learn that dependency checks should be part of a dependency management strategy to keep applications up to date and reduce security risks and technical debt.
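As an added example of the dependency checks the guide lists (this code is written for this page, not taken from the Mend guide), the block below parses pinned requirements, matches each pin against an advisory list using OSV-style half-open version ranges, and flags licenses outside an allowlist. The advisory entries, license metadata and lockfile are constructed for illustration; a real check would pull them from a vulnerability database and an SBOM.

```python
"""Added example: minimal dependency check (known-vulnerable ranges plus license
allowlist).  Not the guide's code; advisories, licenses and the lockfile below
are constructed for illustration."""
from dataclasses import dataclass
from typing import Optional

def parse_version(v: str) -> tuple:
    """'1.26.4' -> (1, 26, 4); non-numeric parts become 0 (a simplification of
    full PEP 440 handling, adequate for plain dotted pins)."""
    parts = []
    for piece in v.strip().split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)

def in_range(version: str, introduced: str, fixed: Optional[str]) -> bool:
    """OSV-style range: introduced <= version < fixed; fixed=None means unfixed."""
    v = parse_version(version)
    if v < parse_version(introduced):
        return False
    return fixed is None or v < parse_version(fixed)

@dataclass(frozen=True)
class Advisory:
    package: str
    introduced: str
    fixed: Optional[str]
    summary: str

# Constructed advisories (illustrative, not real vulnerability data).
ADVISORIES = [
    Advisory("examplehttp", "0", "2.31.0", "header injection via CRLF in URL"),
    Advisory("exampleyaml", "5.0.0", "5.4.0", "unsafe load allows code execution"),
    Advisory("examplecrypto", "3.0.0", None, "deprecated, no fix planned"),
]
# Constructed license metadata, as a resolver or SBOM would report it.
LICENSES = {"examplehttp": "Apache-2.0", "exampleyaml": "MIT",
            "examplecrypto": "GPL-3.0-only", "examplejson": "BSD-3-Clause"}
ALLOWED_LICENSES = {"MIT", "Apache-2.0", "BSD-3-Clause"}

def parse_requirements(text: str) -> dict:
    """Accept only '==' pins: an unpinned spec cannot be checked reproducibly."""
    pins = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        if "==" not in line:
            raise ValueError(f"unpinned dependency: {line}")
        name, version = line.split("==", 1)
        pins[name.strip().lower()] = version.strip()
    return pins

def check(requirements: str) -> list:
    """Return one finding string per vulnerable range hit or license violation."""
    findings = []
    for name, version in parse_requirements(requirements).items():
        for adv in ADVISORIES:
            if adv.package == name and in_range(version, adv.introduced, adv.fixed):
                fix = f"upgrade to {adv.fixed}" if adv.fixed else "no fixed version"
                findings.append(f"VULN {name}=={version}: {adv.summary} ({fix})")
        lic = LICENSES.get(name, "UNKNOWN")
        if lic not in ALLOWED_LICENSES:
            findings.append(f"LICENSE {name}=={version}: {lic} not in allowlist")
    return findings

# Constructed lockfile for the demo.
SAMPLE_REQUIREMENTS = """\
examplehttp==2.28.1   # before the fix
exampleyaml==5.4.0    # exactly the fixed version, so not flagged
examplecrypto==3.2.0
examplejson==1.0.0
"""

if __name__ == "__main__":
    for finding in check(SAMPLE_REQUIREMENTS):
        print(finding)
```

Note the boundary handling: a pin equal to the fixed version is not flagged, while an advisory with no fixed version flags every release from the introduced one onward, which is exactly the case where the remediation has to be a replacement rather than an upgrade.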

More than 100K sites impacted by Polyfill supply chain attack

Polyfill.js is a popular open-source project that provides modern functionality on older browsers that do not support it natively; users embed it using the cdn.polyfill.io domain. On February 24, 2024, a Chinese company named Funnull acquired both the domain and the GitHub account. Following that acquisition, the original developer, Andrew Betts, posted a warning on his X account urging all users of the service to remove any reference to polyfill from their code.
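As an added example of the check a responder needs after this kind of takeover (code written for this page, not from the Mend post or the Polyfill project), the block below walks HTML with the standard-library parser and reports every `<script src>` or `<link href>` that loads from polyfill.io or one of its subdomains. Matching is done on the parsed hostname so a path that merely contains the string is not a false positive; the sample HTML is constructed.

```python
"""Added example: find pages that still load code from the polyfill.io domains.
Not the post's code; SAMPLE_HTML is constructed for the demo."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# The domain named in the post plus its apex; subdomains are matched by suffix.
SUSPECT_DOMAINS = {"polyfill.io", "cdn.polyfill.io"}

def host_of(url: str) -> str:
    """Handle protocol-relative (//host/...) and absolute URLs; '' for relative paths."""
    if url.startswith("//"):
        url = "https:" + url
    return (urlparse(url).hostname or "").lower()

def is_suspect(host: str) -> bool:
    return host in SUSPECT_DOMAINS or host.endswith(".polyfill.io")

class RemoteLoadScanner(HTMLParser):
    """Collect every script/link that pulls code from a suspect host."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script":
            src = a.get("src")
        elif tag == "link":
            src = a.get("href")
        else:
            src = None
        if not src:
            return
        host = host_of(src)
        if is_suspect(host):
            # An SRI hash cannot be pinned for a service that tailors the bundle
            # to the requesting User-Agent, so the remediation is to remove the
            # reference (or self-host a vetted copy), as the developer advised.
            self.findings.append({"tag": tag, "url": src, "host": host,
                                  "line": self.getpos()[0]})

def scan(html: str) -> list:
    """Return findings as dicts with tag, url, host and source line number."""
    parser = RemoteLoadScanner()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed page: two suspect scripts, one lookalike path, one suspect preload,
# one local script.
SAMPLE_HTML = """<!doctype html>
<html><head>
<script src="https://cdn.polyfill.io/v3/polyfill.min.js?features=es6"></script>
<script src="//polyfill.io/v3/polyfill.min.js"></script>
<script src="https://cdn.example.org/notpolyfill.io/app.js"></script>
<link rel="preload" as="script" href="https://cdn.polyfill.io/v2/polyfill.js">
<script src="/static/app.js"></script>
</head><body></body></html>
"""

if __name__ == "__main__":
    for f in scan(SAMPLE_HTML):
        print(f"line {f['line']}: <{f['tag']}> loads {f['url']}")
```

Run it over rendered pages rather than only templates: references added by tag managers or CMS plugins do not show up in the source tree.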