Webinar | Delivering Threat Analysis Beyond VirusTotal's Reach
Save Your Seat
ReversingLabs is the #1 Alternative to VirusTotal
Learn Why
New White Paper | The Monsters in Your Software Supply Chain
Read Now

Dev & DevSecOps (2)

FraudGPT/WormGPT: Scammy for now — but a worrying signpost for software security
August 2, 2023

FraudGPT/WormGPT: Scammy for now — but a worrying signpost for software security

Your app sec team should factor in more capable malicious AI tools, coming soon.
Read More
No net for some, no root for devs — Google pilot walls off staff internet, access for ‘safety’
July 25, 2023

No net for some, no root for devs — Google pilot walls off staff internet, access for ‘safety’

It’s an optional trial program (for now). How would your dev team cope? Is this the future of zero trust?
Read More
Safe programming languages: A solid first step for application security
July 19, 2023

Safe programming languages: A solid first step for application security

Safe programming languages and packages can dramatically reduce vulnerabilities. Here's my rundown on the safest bets for secure coding.
Read More
Federal CI/CD security guidance: Been there, done that
July 17, 2023

Federal CI/CD security guidance: Been there, done that

CISA and NSA issued security guidance on continuous integration/continuous delivery environments — but missed an opportunity to escalate the conversation.
Read More
Here’s MITRE’s top-25 CWE list — with your old vulnerability category favorites
July 5, 2023

Here’s MITRE’s top-25 CWE list — with your old vulnerability category favorites

C’mon, dev teams — it's about time to get serious about memory safety, XSS and SQLi.
Read More
Hackers breached UPS data for SMS phish spree
June 27, 2023

Hackers breached UPS data for SMS phish spree

It’s a dog-eat-dog world ... Bug allows bad actor to manipulate URLs and extract data. Note to devs: Avoid consecutive object references and add entropy.
Read More
Passkeys standard: Time to add it to your dev plans?
June 21, 2023

Passkeys standard: Time to add it to your dev plans?

Forward-thinking DevOps shops are doing it already. Isn’t it time your team got on board?
Read More
MOVEit software exploit walks before it runs
June 13, 2023

MOVEit software exploit walks before it runs

Cl0p quietly tested the flaw for two years before launching the full exploit. Lesson: Look both ways before crossing.
Read More
What's the difference between app sec and supply chain security? It's all in the hack
June 7, 2023

What's the difference between app sec and supply chain security? It's all in the hack

Field CISO Matt Rose explains in this week's ReversingGlass episode the difference between application security hacks and software supply chain hacks.
Read More
PyPI hackers code sneaky new tactic. Researchers caught 'em red handed
June 6, 2023

PyPI hackers code sneaky new tactic. Researchers caught 'em red handed

Compiled-code behavior analysis beats old-skool app sec tools.
Read More
When byte code bites: Who checks the contents of compiled Python files?
June 1, 2023

When byte code bites: Who checks the contents of compiled Python files?

ReversingLabs researchers identified a PyPI attack using compiled Python code to evade detection — possibly the first PYC file direct-execution attack.
Read More
The state of app sec with Chris Romeo: The year of the application is near
June 1, 2023

The state of app sec with Chris Romeo: The year of the application is near

ConversingLabs caught up with Chris Romeo of Kerr Ventures at RSA Conference 2023 to talk about the state of application security. Watch (or listen) — and learn.
Read More

SUBSCRIBE

Get our blog delivered to your in-box weekly to stay up to date on key trends, analysis and best practices across threat intelligence and software supply chain security.

ConversingLabs: The State of Open Source Software Security ConversingLabs: The State of Open Source Software Security
Conversations About Threat Hunting and Software Supply Chain Security
ReversingGlass: SBOMS and threat modeling ReversingGlass: SBOMS and threat modeling
Glassboard conversations with ReversingLabs Field CISO Matt Rose
Software Package Deconstruction: Video Conferencing Software Software Package Deconstruction: Video Conferencing Software
Analyzing Risks To Your Software Supply Chain