Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Protecting Digital Transactions with API and Web Application Security In this video, A10 Networks' Jamison Utter and Gary Wang discuss why a different approach to security is required beyond purely transactional-based protection and detection. They delve into how entity-based tracking helps address the challenges of legitimate-looking requests that carry malicious intent, particularly in the context of Application programming interfaces (API) security and advanced threats, such as Layer 7 DDoS attacks.

In this episode of Frameworks for Growth, Vanta Founder and CEO Christina Cacioppo talks with Amjad Masad, Founder and CEO of Replit, about how persistent ideas evolve into breakout products and how founders can stay scrappy while scaling. Amjad breaks down how Replit handled early competition, carved out space as one of the first AI-native dev platforms, and sustained momentum in a crowded, fast-moving market.

This talk reveals insights from a recent campaign that scanned 15 million public DockerHub images and 16 million layers. We downloaded over 30TB of data, uncovering over 100,000 valid secrets providing unauthorized access to protected resources.

Security teams are still drowning in alerts. Solution? Leverage machine learning to prioritize your secrets risks! Discover how we use proprietary models that analyze the context in which your incidents occur, score their severity level, and generate clear explanations and guidelines that empower your team to focus on what matters most.

Agents with MCP servers access your services like databases or Google Drive, increasing the risk due to the secrets volume and lack of control. Explore the challenges of governing these autonomous agents and best practices for limiting agent scope and preventing unintended data exposure.

Veracode Package Firewall is an automated governance solution designed to dynamically control and monitor the use of software packages by blocking vulnerabilities, malware, and policy violations before they enter development pipelines.

Modern security leaders know that account takeover detection (ATO) isn’t just about spotting a bad login. ATO attacks are part of a broader scam lifecycle – starting with phishing or impersonation, escalating into credential harvesting, and ending with unauthorized access. To stop ATOs effectively, security teams need visibility into this full progression, not just the login attempt. That’s why a true ATO prevention strategy starts long before a password is entered.

Plot twist: The biggest cyber threat isn't coming from hackers breaking in... It's coming from vendors you INVITED in! Most companies only discover their third-party risks during ransomware simulations - when it's too late to fix them. Here's the uncomfortable reality: You don't know who has access to your systems You don't know what they can actually touch You're one vendor breach away from disaster.

In this episode, host João Tomé is joined by Emily Hancock, Chief Privacy Officer at Cloudflare, Rory Malone, Principal Privacy Compliance Specialist at Cloudflare.They discuss Cloudflare's new privacy certifications. At the end, there's also Confidence Okoghenun, Senior Systems Engineer at Cloudflare, sharing the innovative Cloudflare Containers for developers.

Mend.io, formerly known as Whitesource, has over a decade of experience helping global organizations build world-class AppSec programs that reduce risk and accelerate development -– using tools built into the technologies that software and security teams already love. Our automated technology protects organizations from supply chain and malicious package attacks, vulnerabilities in open source and custom code, and open-source license risks.