|
By Vandana Verma Sehgal
The role of a Chief Information Security Officer (CISO) is critical in an interconnected business environment. A modern CISO will ensure that their organization is well-prepared to handle the myriad of cybersecurity challenges it faces. It is multifaceted, extending beyond traditional IT security to encompass various responsibilities to protect an organization's information assets.
|
By Jack Hair
Generative AI is an exciting technology that is now easily available through cloud APIs provided by companies such as Google and OpenAI. While it’s a powerful tool, the use of generative AI within code opens up additional security considerations that developers must take into account to ensure that their applications remain secure. In this article, we look at the potential security implications of large language models (LLMs), a text-producing form of generative AI.
|
By Liran Tal
If you spend quite a bit of time in the command line, working with Docker images and containers locally to build and test them, you might be in the mood for some power-user Docker commands. We're skipping the basics and diving straight into the lesser-known yet highly effective commands that can significantly improve your Docker experience.
|
By Erin Cullen
Software development moves fast, and many application security teams struggle to keep up. More sophisticated agile, DevOps, and cloud practices, along with the growing use of AI, mean more agility for development teams. However, these innovations are a challenge for security teams, as they must move at this same speed in order to secure applications effectively. Application security posture management (ASPM) directly responds to these emerging challenges.
|
By David Lugo
Developer teams worldwide are increasingly leveraging AI to accelerate the speed of software development. However, AI-generated code can bypass protocols from the security team, so developers may not be evaluating the code as often as they should. Snyk works alongside today’s modern development teams with the goal of harnessing the many benefits of AI-assisted coding, while also providing full trust that the code is secure.
|
By Vandana Verma Sehgal
The vulnerability lies in the way HTTP/2 implementations handle CONTINUATION frames, which are used to transmit header blocks larger than the maximum frame size. Attackers exploit this weakness by sending an excessive number of CONTINUATION frames within a single HTTP/2 stream. This flood of frames overwhelms the server's capacity to process them efficiently.
|
By Liran Tal
Unveiled on the 29th of March 2024 is the high-stakes investment and prolonged campaign by a malicious actor to plant a backdoor in the Linux software library liblzma to gain access to multiple operating systems via Linux distributions, which arguably worked out successfully. That is until a curious engineer noticed a glitch. Currently known affected upstream software and proposed mitigation.
|
By David Lugo
Over the past few years, software supply chain security has been top of mind for governments and businesses alike. Following Log4Shell in late 2021, the Biden administration’s National Cybersecurity Strategy started focusing on open source supply chain security. The National Security Agency (NSA) recently released new guidance on securing open source software supply chains.
|
By Akanchha Shrivastava
The AI revolution is reshaping industries, processes, and the very fabric of software development. As we navigate through this transformative era, it's crucial to understand not only the evolution and application of AI in software development but also the innovative ways in which Snyk, the industry-leading developer security platform, is harnessing AI to enhance security.
|
By Liran Tal
PHP is a popular server-side scripting language that is widely used for web development. PHP developers can ship and deploy more high-quality software products by leveraging static analysis tools that help mitigate PHP code errors, security vulnerabilities, and other issues that can impact the quality and security of the application if not addressed early in the development cycle.
|
By Snyk
Watch the full video for more... ⚒️ About Snyk ⚒️ Snyk helps you find and fix vulnerabilities in your code, open-source dependencies, containers, infrastructure-as-code, software pipelines, IDEs, and more! Move fast, stay secure.
|
By Snyk
Watch the full video for more... ⚒️ About Snyk ⚒️ Snyk helps you find and fix vulnerabilities in your code, open-source dependencies, containers, infrastructure-as-code, software pipelines, IDEs, and more! Move fast, stay secure.
|
By Snyk
Watch the full video for more... ⚒️ About Snyk ⚒️ Snyk helps you find and fix vulnerabilities in your code, open-source dependencies, containers, infrastructure-as-code, software pipelines, IDEs, and more! Move fast, stay secure.
|
By Snyk
Today we walk through the best options for your Node.js Docker Image, how to avoid common pitfalls and mistakes, and the best ways to strengthen the security of your projects effectively. ⏲️ Chapters ⏲️ ⚒️ About Snyk ⚒️ Snyk helps you find and fix vulnerabilities in your code, open-source dependencies, containers, infrastructure-as-code, software pipelines, IDEs, and more! Move fast, stay secure.
|
By Snyk
⚒️ About Snyk ⚒️ Snyk helps you find and fix vulnerabilities in your code, open-source dependencies, containers, infrastructure-as-code, software pipelines, IDEs, and more! Move fast, stay secure.
|
By Snyk
⚒️ About Snyk ⚒️ Snyk helps you find and fix vulnerabilities in your code, open-source dependencies, containers, infrastructure-as-code, software pipelines, IDEs, and more! Move fast, stay secure.
|
By Snyk
⚒️ About Snyk ⚒️ Snyk helps you find and fix vulnerabilities in your code, open-source dependencies, containers, infrastructure-as-code, software pipelines, IDEs, and more! Move fast, stay secure.
|
By Snyk
⚒️ About Snyk ⚒️ Snyk helps you find and fix vulnerabilities in your code, open-source dependencies, containers, infrastructure-as-code, software pipelines, IDEs, and more! Move fast, stay secure.
|
By Snyk
⚒️ About Snyk ⚒️ Snyk helps you find and fix vulnerabilities in your code, open-source dependencies, containers, infrastructure-as-code, software pipelines, IDEs, and more! Move fast, stay secure.
|
By Snyk
Today we talk about how to secure your JWTs in app development. These are the 3 most important practices to keep your JWTs safe while coding applications!
|
By Snyk
This book will help both development and application security architects and practitioners address the risk of vulnerable open source libraries and discuss why such vulnerable dependencies are the most likely to be exploited by attackers.
|
By Snyk
Forrester conducted a customer study to get insights into why organizations choose Snyk to help them tackle and implement developer-first security. Read the report to dive into the benefits, cost and value ROI for Snyk.
|
By Snyk
This book reviews how the serverless paradigm affects the security of an application, and dives into the benefits it brings.
|
By Snyk
Snyk's annual State of Open Source Security Report 2020 is here. Download it now to learn how Open Source security is evolving.
|
By Snyk
"Shift left" has become the holy grail for security teams today but organizations are still struggling to successfully implement some of the key processes that shifting security left entails. A new study sponsored by Snyk and conducted by Enterprise Strategy Group (ESG) has found that while developers are indeed being given more responsibility for testing their applications for security issues, they simply don't have the knowledge or right set of tools to do so.
|
By Snyk
81% of security and development professionals believe developers are responsible for open source security - but many organizations are still unsure how to start building a culture and practice of DevSecOps. Puppet & Snyk's study is digging deeper into the trends of DevSecOps adoption.
|
By Snyk
The 2020 Gartner Market Guide for SCA is here! Recent Gartner survey finds that over 90% of organizations leverage OSS in application development - and as a result, security of open source packages was the highest ranked concern for respondents. These concerns have led to a growing market, addressed by various vendors for SCA tools that mitigate the risk of OSS. New trends emerge with devops on the rise - as the market shifts towards developer-friendly SCA tools.
- April 2024 (16)
- March 2024 (11)
- February 2024 (14)
- January 2024 (21)
- December 2023 (20)
- November 2023 (31)
- October 2023 (29)
- September 2023 (13)
- August 2023 (25)
- July 2023 (17)
- June 2023 (31)
- May 2023 (23)
- April 2023 (20)
- March 2023 (24)
- February 2023 (21)
- January 2023 (18)
- December 2022 (22)
- November 2022 (33)
- October 2022 (40)
- September 2022 (36)
- August 2022 (36)
- July 2022 (18)
- June 2022 (22)
- May 2022 (25)
- April 2022 (31)
- March 2022 (43)
- February 2022 (30)
- January 2022 (28)
- December 2021 (44)
- November 2021 (27)
- October 2021 (26)
- September 2021 (27)
- August 2021 (20)
- July 2021 (19)
- June 2021 (23)
- May 2021 (29)
- April 2021 (22)
- March 2021 (33)
- February 2021 (12)
- January 2021 (13)
- December 2020 (2)
Snyk is an open source security platform designed to help software-driven businesses enhance developer security. Snyk's dependency scanner makes it the only solution that seamlessly and proactively finds, prioritizes and fixes vulnerabilities and license violations in open source dependencies and container images.
Security Across the Cloud Native Application Stack:
- Open Source Security: Automatically find, prioritize and fix vulnerabilities in your open source dependencies throughout your development process.
- Code Security: Find and fix vulnerabilities in your application code in real-time during the development process.
- Container Security Find and automatically fix vulnerabilities in your containers at every point in the container lifecycle.
- Infrastructure as Code Security Find and fix Kubernetes and Terraform infrastructure as code issues while in development.
Develop Fast. Stay Secure.