Security | Threat Detection | Cyberattacks | DevSecOps | Compliance


Dear AppSec: I Was a Credit Card Skimming Attack Victim. (And It Sucks!)

I am a credit card skimming attack victim. It happened about eight weeks ago, and to this day, we’re still dealing with the repercussions. This is a true story. (Although I did substitute a few facts to protect the innocent.) And yes, while I work for Feroot, and this is appearing in our blog, I think it is important that cybersecurity professionals hear first hand from a card skimming attack victim—someone who is like every other customer that their business supports.

Meet Feroot - Client-Side Security Made Easy

Empower your business with client-side security. Arm your application developers, security professionals, and privacy professionals with reliable client-side security technologies to develop secure JavaScript applications, stop client-side cyberattacks, and ensure compliance with global privacy regulations. Learn more about Feroot Security and what we can do to help you secure your client-side attack surface!

Stranger Danger: Your JavaScript Attack Surface Just Got Bigger

Building JavaScript applications today means that we take a step further from writing code. We use open-source dependencies, create a Dockerfile to deploy containers to the cloud, and orchestrate this infrastructure with Kubernetes. Welcome, you're a cloud native application developer! As developers, our responsibility broadened, and more software means more software security concerns for us to address.

Hell Yeah, I Want an Automated Content Security Policy!

Generating a generic content security policy is easy. Manually managing those policies to ensure they operate effectively and provide the right level of security is an entirely different issue. For businesses willing to make the shift, an automated content security policy can significantly ease the policy management burden.

JavaScript Web Application Security: 5 Things Developers Should Know

When client-side security breaches happen, web application developers may find themselves at the receiving end of the blame game (somewhat unfairly). The demands of an accelerated development cycle combined with pressures related to JavaScript web applications security, means developers may feel caught in the proverbial “damned if you do and damned if you don’t” loop.

Safer together: Snyk and CISPA collaborate for the greater good

Great things happen when the academic world and the software industry work together! Today, we’d like to share a story about our recent collaboration with the CISPA Helmholtz Center for Information Security, a big science institution in Germany. Back in January, Cris Staicu Ph.D. (Tenure-Track Faculty, CISPA), contacted us about his research on NodeJS and JavaScript.

What Does PCI DSS 4.0 Mean for Client-Side Security?

PCI DSS 4.0 couldn’t have come at a more opportune time, particularly as the global pandemic forces more individuals into online purchasing—from shopping and entertainment to healthcare and hospitality. With PCI 4.0 compliance mandated by 2025, it is critical to understand now what it will mean for client-side security, so businesses can begin the implementation process.

Why Web Application Visibility Is Important to JavaScript Security

Web application visibility is all about the insight and control application security professionals have into the software operating on the front end or client side. Sitting down to write about why web application visibility is important to JavaScript security, I was reminded of a folk song about coding that was popular back in the 1980s. (Yes, you read that right. A popular folk song about coding. Fans of Stan Rogers or listeners of the cult-favorite, syndicated radio show known as Dr.

Everything You Need to Know to Prevent JavaScript Supply Chain Attacks

JavaScript supply chain attacks are a bit like rolling thunder. The boom starts in one location and then reverberates along a path, startling folks, shaking windows, and—if there is a significant enough storm to accompany the thunder—leaving varying degrees of devastation in its wake.