Snyk Security Horror Story with Andrew Betts
Andrew Betts shares his security horror story of how the Financial Times was hacked by the Syrian Electronic Army.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
DevOps
Snyk Code adds Apex, Swift language support + API, GraphQL security
Snyk Code has had a tremendous 2021. It started the year supporting three languages — Java, JavaScript, and TypeScript — and has since added Python, C#, PHP, Ruby, and Go. More languages and features are on the horizon, and in this article, we’re happy to announce the addition of Swift and Salesforce’s Apex support, as well as API and GraphQL security. Let’s get into it!
Elbow Taps, Airhugs and 5,000 KubeCon Friends
A recap of my time at the CNCF’s signature conference, KubeCon + CloudNativeCon NA 2021. What an amazing week at the first in-person KubeCon + CloudNativeCon since the pandemic started. This KubeCon set a precedent as one of the first major conferences to bring back an in-person component! The theme this time around was Resilience Realized, and they put this on display at the top of the convention hall.
Secure Python Development and Package Management
How do you become a secure python developer? Following best practices, and learning about application security from experts! In this session we will explore and explain explain how Python manages dependencies, the requirements.txt file, and other aspects of 3rd-party open source software. We will gently touch upon an intro to the different package managers, such as pipenv, and poetry.
Windows 10 most critical vulnerabilities for 2021
Windows 10 is probably the most used Operating System (OS) in organizations these days. The fact that every level of user in the organization, from IT experts to entities that has little knowledge in cybersecurity use it, it is prone to be targeted by attackers as a gate to the entire network. A lot of attention is invested in users’ behavior and phishing campaigns, while many risks hide in the OS itself.
Cybersecurity Awareness Month: DevSecOps Puts "Security First"
The theme for the final week of Cybersecurity Awareness Month is “Cybersecurity First,” which could be the motto of many corporate security executives. Cybersecurity should be a high priority for anything technology related, but in truth it’s often an afterthought or even neglected entirely. Many business leaders and users still view security as a hindrance—rather than something that can coexist with productivity and innovation.
CVE-2021-37136 & CVE-2021-37137 - Denial of Service (DoS) in Netty's Decompressors
The JFrog Security research team has recently disclosed two denial of service issues (CVE-2021-37136, CVE-2021-37137) in Netty, a popular client/server framework which enables quick and easy development of network applications such as protocol servers and clients. In this post we will elaborate on one of the issues – CVE-2021-37136.
Snyk Security Horror Story with Jim Manico
In honor of 31 Days of Security and Halloween, Jim Manico shares his security horror story.
Security Horror Story: Accidentally exposing PII data
Nothing beats a good horror story… especially not when you talk about software development and security. I mean, what could possibly go wrong when you develop software???