Blog | ReversingLabs (14)

November 22, 2023

Don't let CVEs distract you: Shift your AppSec team's focus to malware

Rather than wasting cycles on vulnerabilities, teams should focus on exploitability, and look for compromises including malware and tampering. Here's why.

November 22, 2023

Secure by Design: How legacy application security is holding it back

Ingrained development patterns and legacy testing tools are holdovers from a reactive era of AppSec. Here's how how to move software security forward.

November 22, 2023

ReversingLabs Launches Software Supply Chain Security Availability in AWS Marketplace

ReversingLabs software supply chain security will be available directly through AWS Marketplace, improving how your team can fortify your application security.

November 16, 2023

Protestware taps npm to call out wars in Ukraine, Gaza

ReversingLabs researchers have discovered npm packages that hide scripts broadcasting messages of peace related to the conflicts in Ukraine and in Israel and the Gaza Strip.

November 15, 2023

Zero trust and threat modeling: Is it time for AppSec to get on board?

Is it time for zero trust-based threat modeling for your AppSec? Understand the benefits and challenges.

November 14, 2023

8 CI/CD security best practices: Protect your software pipeline

8 CI/CD security best practices to protect your software pipeline.

November 9, 2023

How supply chain security tools can protect ML models

Supply-chain Levels for Software Artifacts (SLSA) and Sigstore are a good first step toward protecting ML models from attack. But they're not a panacea.

November 7, 2023

OWASP Top 10 for LLM update bridges gap between AppSec and AI

Generative AI is advancing at a breakneck pace. Here's a full rundown for your development and app sec teams to keep it from breaking your org's back.

November 6, 2023

TitaniumCloud app for Splunk SOAR updated

Version 1.2.0 of RL's TitaniumCloud app for Splunk SOAR adds new actions for network reputation lookups.

November 1, 2023

5 best practices for putting SBOMs to work with CI/CD

SBOMs are essential — but making them useful is tricky in continuous integration/continuous deployment environments. Here are the key best practices.

October 31, 2023

IAmReboot: Malicious NuGet packages exploit loophole in MSBuild integrations

RL has highlighted threats in npm, PyPI and RubyGEMS in recent years. This finding shows NuGet is equally exposed to malicious activities by threat actors.

October 26, 2023

How mature is your open-source risk management? S2C2F helps map dependencies

OpenSSF's Secure Supply Chain Consumption Framework can help better lay out risk for open-source components — but remediation is left out of the picture.

Software Supply Chain Security

File Security

Security Operations

Products

Technology

Partners

Alliances

Resources

Company

Events

Press

Don't let CVEs distract you: Shift your AppSec team's focus to malware

Secure by Design: How legacy application security is holding it back

ReversingLabs Launches Software Supply Chain Security Availability in AWS Marketplace

Protestware taps npm to call out wars in Ukraine, Gaza

Zero trust and threat modeling: Is it time for AppSec to get on board?

8 CI/CD security best practices: Protect your software pipeline

How supply chain security tools can protect ML models

OWASP Top 10 for LLM update bridges gap between AppSec and AI

TitaniumCloud app for Splunk SOAR updated

5 best practices for putting SBOMs to work with CI/CD

IAmReboot: Malicious NuGet packages exploit loophole in MSBuild integrations

How mature is your open-source risk management? S2C2F helps map dependencies

Topics

Special Reports

The State of Software Supply Chain Security 2024

Upcoming Webinars

ConversingLabs

Topics

Follow us

Subscribe

Special Reports