The use of artificial intelligence in every area of life — from writing papers to maintaining critical infrastructure to manufacturing goods — is a controversial topic. Some are excited about the possibilities that come with AI/ML tech, while others are fearful and reticent. These differing opinions raise a fundamental question: will AI turn our modern-day society into a utopia or a dystopia?
The widespread success and influence of Microsoft Visual Studio (VS) Code can be largely credited to its extensibility. While it's often categorized as a code editor, with the right knowledge and extensions, it can be so much more. For instance, it can also be used as a web browser, word processor, or file-management system. Microsoft also encourages developers to take advantage of VS Code's extensibility by making the VS Code API as accessible as possible.
This month, Apple Security Engineering and Architecture (SEA) and The Citizen Lab at The University of Toronto's Munk School opened a pair of Critical vulnerabilities relating to maliciously formed WebP images which could be used to exploit the Chrome browser, as well as the webmproject/libwebp library from Google. As of Sep 27th, 2023, the CVEs known to track this libwebp vulnerability actively include.
By now, we’re all painfully aware that AI has become a crucial and inevitable tool for developers to enhance their application development practices. Even if organizations restrict their developers using AI tools, we hear many stories of how they circumvent this through VPNs, and personal accounts.
In the modern software ecosystem, containerization has become a popular method for packaging and deploying applications. Alongside this growing trend, ensuring the security of software supply chains has become a critical concern for businesses of all sizes. Implementing best practices, such as signing and verifying images to mitigate man-in-the-middle (MITM) attacks and validating their authenticity and freshness, play a pivotal role in safeguarding the integrity of the software supply chain.
In our first year participating in the Forrester Wave™: Static Application Security Testing (SAST) Q3 2023, we’re thrilled that Snyk has been recognized as a Strong Performer in a mature, yet evolving, enterprise software security category. Snyk is disrupting the SAST market with a developer-first approach to application security, illustrated by our position in strategy and market presence in the evaluation.
DevSecOps is all about collaboration: facilitating a solid partnership between development and security teams. However, these collaboration efforts won’t succeed without help from leadership. Development and security teams need top-down support to set measurable goals, create a secure CI/CD pipeline, and establish a DevSecOps culture. Three experts came together at Black Hat Asia 2023 to discuss how leadership can participate in fostering security success.
In modern web applications, cross-origin resource sharing (CORS) enables secure communication between applications hosted on different origins. Developers use CORS to access other applications’ services within their own. This approach eliminates the need to rewrite features from scratch, accelerating development time and improving the developer experience.
If you're a developer working with Java, you likely know Spring Boot, the robust framework that streamlines the development of stand-alone, production-grade, Spring-based applications. One of the many features it offers is Bean Validation, which is a crucial aspect of any application to ensure data integrity and improve user experience.
Web cache poisoning is a cyber attack that wreaks havoc on unsuspecting websites. It exploits vulnerabilities by caching mechanisms that web servers, proxies, and content delivery networks (CDNs) use, compromising data integrity. Malicious actors can use cache poisoning to deliver malicious payloads, tamper with sensitive information, or redirect users to fraudulent websites. In this article, we’ll comprehensively explore web cache poisoning attacks and how they work.
