Application Security | News, how-tos, features, reviews, and videos
Open-source packages with large language model (LLM) capabilities have many dependencies that make calls to security-sensitive APIs, according to a new Endor Labs report.
With the added features, Enforce can now generate and ingest software bills of materials for container images, automate vulnerability scans and generate reports.
JFrog Curation vets and blocks infected open source or third-party packages before they enter development.
An OPSWAT study found that about three-fourths of organizations are pushing their security budgets higher because of evolving applications running on unsecured infrastructure.
Package manifests in the npm registry are not validated against metadata files in the package itself, leaving the door open for attackers.
Researchers use the OpenSSF Scorecard to measure the security of the 50 most popular generative AI large language model projects on GitHub.
Threat actors are concealing campaigns to evade detection and establish stronger footholds in compromised systems.
Baffle Manager 2.0 adds REST APIs, secrets store, certificate store, and SSO to fully automate data protection over SaaS workflows.
The new scouting tool for threat hunting and malicious infrastructure analysis promises to level up users’ security operation centers.
Application programming interfaces (APIs) have become integral to delivering functionality and flexibility, but they are also potential attack vectors that need to be high on the security team's radar.