dependencies

Fake npm Packages Found in GitHub Repository

Fake npm Packages Found in GitHub Repository

| | dependencies, GitHub, Industry News, Javascript, npm, typossquatting
Security researchers discovered four vulnerable npm packages uploaded to GitHub that were capable of collecting the user’s IP address, geolocation and device hardware data. Not all attacks have a high-visibility profile. Some ...
HOTforSecurity
Professionally Evil Fundamentals: What is OWASP

Using Components with Known Vulnerabilities

| | dependencies, fundamentals, owasp, OWASP Top 10, patching, Penetration Testing, vulnerability assessment, Vulnerability Management, vulnerability scanning
When an organization has a breach, you would like to imagine that the attacker crafted a new exploit, leveraging a zero-day vulnerability that no one has any protection against. However, It is ...
Professionally Evil Insights

PyPi ‘Cheese Shop’ Malware Illustrates Software Supply Chain Risk Vector

| | 2019 State of the Software Supply Chain Report, Cheese Shop, dependencies, dependency injection, Post security/devsecops, PyPI, Vulnerabilities
Recent malware installed in PyPI underscores the need for code verification at the code repository level to defend the software supply chain ...
Sonatype Blog