A comprehensive list of components in a software product.
Confirming the authenticity and integrity of software packages.
Simulated attacks to evaluate system vulnerabilities.
Ensuring security in continuous integration/delivery pipelines.
A critical metric for organizations seeking to understand how effectively their development teams adhere to established security policies throughout the software development lifecycle.
Exploit where attackers manipulate AI prompts to bypass restrictions or generate harmful output.
The malicious manipulation of AI language models, and large language model security.
Isolating potential threats to prevent spread.
Securing database queries to prevent injection attacks.
A critical Spring Framework vulnerability that shook Java applications.
Corrective actions taken to address security vulnerabilities.
Automated processes to address security vulnerabilities.
Analyzing the distribution of risk findings by severity.
Strategies to reduce the impact of security threats.
Defenses that secure applications during execution.
Evaluating potential security threats and vulnerabilities in the SDLC.
Coding standards that help prevent security vulnerabilities.
Systems that aggregate and analyze security event data.
A dedicated team responsible for monitoring and responding to security incidents.
Self-replicating npm malware named after the sandworms in the movie "Dune."
Typo-based attack targeting mistyped package names to spread malware.
A comprehensive security framework for protecting your software supply chain integrity and preventing tampering attacks throughout the development lifecycle.
Manipulating people into revealing confidential info or performing unsafe actions.
A comprehensive list of components in a software product.
The relation of SBOMs to healthcare and medical devices.
Assessing third-party components for security risks.
Identifying and mitigating risks in the software supply chain.
Learn the basics about software supply chain security.
Reviewing code without executing it to find vulnerabilities.
An attack targeting vulnerabilities in the supply chain.
Collecting data from systems for analysis and monitoring.
Gathering and analyzing information on cyber threats.
Identifying and evaluating potential security threats.
Replacing sensitive data with non-sensitive substitutes.
Indirect third-party components that your application inherits through its direct dependencies.
Registering mistyped domain/package names to trick users into installing malicious content.
A security model ensuring trust across systems and networks.
Processes for timely deployment of software updates.
Analyzing user actions to detect anomalies and threats.
FDA's cybersecurity risk management requirements for new medical devices.
FDA's approach to managing cybersecurity risks in marketed medical devices.
Confirming that systems meet specified security standards.
Protecting the integrity of source code repositories.
A format for sharing whether a vulnerability affects specific software components.
A vulnerability in your external software supply chain exposes your dependencies to supply chain attacks.
Automated scanning for known security weaknesses.
Securing automated communication endpoints between applications.
Securing business processes and automated workflows.
Digital certificates that use the X.509 standard for authentication.
Protecting XML data and processes from exploitation.
A lossless data compression utility; linked to a major supply chain backdoor incident.
Securing configuration files written in YAML format.
Rules used to identify and classify malware.
Processes to detect and mitigate previously unknown vulnerabilities.
A security framework that assumes no implicit trust.