Keeping up with today’s rapidly evolving threat landscape is an ongoing journey for software development enterprises in cloud-native environments, as many struggle to keep their assets and customers secure while keeping up with the competitive pace of software delivery in cloud native environments. Earlier this summer WhiteSource hosted a roundtable discussion with HackerOne, AWS, and IGT about the new security challenges enterprises face as they shift to a digital native environment.

DevOps and Agile are popular modern software development methodologies. According to the 14th Annual State of Agile Report, 95% and 76% of the respondents stated that their organizations had adopted Agile and DevOps development methods, respectively. Interestingly, both approaches have the same aim: deliver the end product as efficiently and quickly as possible.

Application security remains a top concern for organizations, making the need for skilled cybersecurity professionals as urgent as ever. Nearly half of security practitioners in high-performing enterprises who participated in a recent Ponemon Institute research report about reducing enterprise security risks stated that hacks to insecure applications are their organization’s biggest concern.

Prototype Pollution is one of the less known vulnerabilities in the security community. Researchers started to discuss it as a potential attack vector around 2017, and the first vulnerabilities were found in the wild at the start of 2018. In this article, we’re going to take a deep dive into what Prototype Pollution vulnerabilities are, and how they can be mitigated.

Many developers already know that in some ecosystems, open source dependencies might run their custom code from packages when they are being installed. While this capability can be used for both good and evil, today we’ll focus on a legit use case that, when misused, can escalate and be used to compromise your organization’s supply chain. If you haven’t guessed yet, I’m talking about downloading and linking external dependencies during the install process.

Penetration testing is a common technique used to analyze the security posture of IT infrastructure. Web application penetration testing can assist you in identifying the potential security weaknesses in your web-based applications so that they can be fixed before attackers exploit them.

Gartner forecasts that worldwide public cloud end-user spending will grow 23% to USD 332.3 billion in 2021 as cloud technologies become mainstream. As cloud computing architectures continue to become more prevalent, “cloud native” has become a popular buzzword. But what exactly does “cloud native” mean and what impact does it have on security? How exactly do you secure all these cloud native applications?

By Jonathan Leitschuh; Daniel Elkabes, Senior Security Researcher at WhiteSource; Ofir Keinan, Software Developer at WhiteSource The latest Maven release 3.8.1 contains a fix to security vulnerability CVE-2021-26291. Detected and reported by security researcher Jonathan Leitschuh, the vulnerability affects over 100,000 libraries in Maven Central, according to the WhiteSource security research and knowledge teams.

As supply chain attacks continue to dominate headlines, software development teams are beginning to realize that package management can’t be taken lightly — the threats hidden under the hood are real. In this installment of The Source, we want to talk about the practices and tools that developers need to adopt in order to protect against supply chain attacks.