Federal CI/CD security guidance: Been there, done that

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) are telling development organizations to tighten up the security of their development pipelines or face the risk of ...
MOVEit supply-chain bug walks before it runs

Progress Software’s MOVEit file-transfer platform has been causing high-profile data leaks ...
What's the difference between app sec and supply chain security? It's all in the hack

ReversingLabs Field CISO Matt Rose explains in this week's ReversingGlass episode the difference between application security hacks and software supply chain hacks ...
PyPI hackers code sneaky new tactic. Researchers caught ’em red handed

Python Package Index (PyPI) attackers used compiled code to evade detection. It’s possibly the first attack to take advantage of .PYC file direct execution — but likely not the last ...
When byte code bites: Who checks the contents of compiled Python files?

During our continuous threat hunting efforts to find malware in open-source repositories, the ReversingLabs team encountered a novel attack that used compiled Python code to evade detection. It may be the first ...
The state of app sec with Chris Romeo: The year of the application is near

The discipline of application security has been around for decades, but major advancements in how software is built and distributed are shifting the ground underneath application security teams — increasing opportunities for ...