ReversingLabs Field CISO Matt Rose explains in this week's ReversingGlass episode the difference between application security hacks and software supply chain hacks.
Why are they different? And why do you need software supply chain security in addition to your application security testing (AST) and software composition analysis (SCA) tools?
Rose does a level-set, explaining that these solutions are important for finding specific lenses of risk, "whether that's a SAST solution in the AST umbrella or a malware identification, or a potential compromise of a secret in a software supply chain instance."
"So thinking about this, the biggest thing that I like to say is a hack is really going outside the bounds of the intended purpose of the application. It does what it's functionally supposed to do, but it does some other things too, some things that it's not intended to do."
—Matt Rose
As Rose notes, a lot of the time, these things are very hard to find given the very aggressive release cycles software teams are facing, as well as the complex nature of today's applications.
What better way to break down the difference between app sec hacks and supply chain hacks than using the ubiquitous SQL injection as an example? Here's this week's ReversingGlass, Application Hacks vs. Software Supply Chain Hacks:
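To make Rose's definition of a hack concrete ("it does what it's functionally supposed to do, but it does some other things too"), here is an added example that is not from the episode: a user lookup against a constructed in-memory SQLite table, once with the input concatenated into the query and once with it bound as a parameter. The table, rows and function names are assumptions made for the demo.

```python
"""Added example: an application-layer hack (SQL injection) as "intended
behaviour plus unintended behaviour", using a constructed SQLite table."""
import sqlite3

# Constructed sample data; the table and rows are assumptions for this demo.
_ROWS = [("alice", "alice@example.com"), ("bob", "bob@example.com")]


def _db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", _ROWS)
    return conn


def lookup_vulnerable(conn, name):
    # Intended purpose: return the email for one named user.
    # Untrusted input is spliced into the statement text, so the caller
    # controls the SQL grammar, not just the value being compared.
    sql = f"SELECT email FROM users WHERE name = '{name}'"
    return [row[0] for row in conn.execute(sql)]


def lookup_safe(conn, name):
    # Same intended purpose; the value is bound as a parameter and can
    # never change the shape of the query, only what it compares against.
    sql = "SELECT email FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]


def demo():
    conn = _db()
    normal = "alice"
    hostile = "x' OR '1'='1"  # constructed input that rewrites the WHERE clause
    return {
        "vuln_normal": lookup_vulnerable(conn, normal),
        # Still "works" (returns emails) but also returns every other user.
        "vuln_hostile": lookup_vulnerable(conn, hostile),
        "safe_normal": lookup_safe(conn, normal),
        # No user has that literal name, so nothing comes back.
        "safe_hostile": lookup_safe(conn, hostile),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The vulnerable version keeps serving its intended purpose for normal input, which is exactly why this class of defect survives fast release cycles and is worth catching with SAST rather than by observation.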