Welcome to our cheat sheet covering the OWASP Top 10 for LLMs. If you haven’t heard of the OWASP Top 10 before, it’s probably most well known for its web application security edition. The OWASP Top 10 is a widely recognized and influential document published by OWASP focused on improving the security of software and web applications. OWASP has created other top 10 lists (Snyk has some too, as well as a hands-on learning path), most notably for web applications.

JavaScript runtimes help you build advanced, server-driven JavaScript projects that aren't dependent on the user's browser to run. There are several choices of runtimes available, with the supremacy of the old stalwart Node.js being challenged by Deno and Bun. Deno is the latest project produced by the same developer who originally created Node.js, Ryan Dahl, back in 2009.

Today, we are proud to announce the beta version of SocketSleuth, our new Burp Suite extension for performing security testing against WebSocket-based applications. SocketSleuth was created out of our security research group to aid in our security research against applications that leverage WebSockets for communication.

At this year’s AWS re:Invent, Mic McCully, Field CTO at Snyk, spoke with Jacob Salassi, Director of Product Security at Snowflake. They discussed what it looked like for Snowflake to overcome various security challenges with the right combination of processes, company culture shifts, and tool partners (including Snyk!). Read on to learn about the practices Jacob and his team established to create a successful application security program.

We’ve seen how technology can evolve at warp speed, and AI has emerged as both a revolutionary force and a tantalizing enigma. Whether you're a seasoned developer seeking to expand your toolkit or a security enthusiast on a quest for clarity in the realm of AI, embarking on the journey to demystify this dynamic field can be both exhilarating and overwhelming.

With threat actors performing man-in-the-middle (MITM) attacks, having an SSL/TLS certificate is no longer a valid reason to trust an incoming connection. Consequently, developers are increasingly adopting SSL/TLS pinning, also known as certificate or public key pinning, as an additional measure to prove the authenticity and integrity of a connection.

Many organizations find it challenging to locate and fix the vulnerabilities in their containers. But the team at Okta knew that securing the containers that support Auth0 (their identity and access (management platform), was imperative. The team also knew these security processes had to be developer-friendly: making finding and fixing container vulnerabilities as simple as possible.

Developing quality software applications can be arduous, as many moving parts must come together to create a working solution. That’s why developers need all the help and convenience they can get, especially when securing their applications. Visual Studio Code (VS Code) is one of the most popular open source code editors for various reasons.

Containers bring new flexibility and agility to software development and deployment. However, they also introduce a new attack surface that malicious actors can exploit. A compromised container can give an attacker access to other containers and even the host system. Smaller images that contain fewer artifacts are already a great help in achieving a smaller attack surface.

Managing dependencies for a project is a task that requires consistent effort and attention. Surely, you’ve found yourself concerned about any of the following while maintaining a project: Luckily, we’ve been able to use GitHub bots to automate dependency management to an extent with solutions like Dependabot and GreenKeeper. However, these bots mostly automate the creation of a new code pull request that proposes the changes to be made.