Snyk achieves AWS Security Competency status
We are very excited to announce that Snyk has achieved AWS Security Competency status, further validating our commitment to security excellence in partnering with AWS!
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Java Security Tip: Sanitize user input
Java Security Quick Tip: Always santize user input before you display it in your web app. Displaying user input wideout proper validation or sanitization can lead to cross-site scripting security issues. With the OWASP Encoder library, you can escape scripts and be positive that they will not be executed in the users' browser. In this video I will answer the following questions Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for Java and many other languages.
Infrastructure as Code: Enabling DevOps Success
Infrastructure as code (IaC) promises to make developers more agile, but it’s not without risk. Learn more about what IaC is, its benefits, and best practices for how to use this technology securely.
Building Secure Apps in VS Code
In this installment of SnykLIVE we're joined by Georgi Mitev and Michel Kaporin from the Product and Engineering teams at Snyk. They will show us how we can build apps more securely when using Visual Studio Code. Links shared during the session.
RFDiscussion #0 ~ RFDs and HSMs
0:00 - Introduction to RFDs
6:59 - RFD 25 Hardware Security Module (HSM) support
re:Invent 2021: 10 Reasons You Need Teleport to Secure Your Apps on AWS
Teleport will be live at re:Invent from Nov. 30-Dec. 2. If you are there, please stop by Booth 718 and talk to me and the Teleport team about how we can improve your security and compliance of apps running on AWS. If you can’t make it in person, here is my top 10 list of things you should know about AWS and Teleport. Check out our Teleport on AWS page for more info.
Run confidently with secure DevOps
The rapid pace of digital transformation is accelerating the shift to cloud-native applications using containers and Kubernetes to speed the pace of delivery. But application delivery is one thing. Application uptime performance and protection are another. For cloud teams already running production one fact is clear, monitoring and troubleshooting are only the beginning. They also need to own security and compliance for their apps.
The Kubernetes' Open-Source Tools to Check out in 2022
In 2014, Kubernetes surfaced from work at Google and quickly became the de facto standard for container management and orchestration. Despite its silicon valley origins, it became one of the most impactful open-source projects in the history of computing. Today, the Cloud Native Computing Foundation (CNCF) maintains Kubernetes with many private companies and independent open-source developers.
Teleport and PagerDuty Integration
Teleport provides secure access for cloud applications and infrastructure that doesn’t get in the way. When implementing strict zero-trust rules you sometimes need to escalate and elevate privileges. By leveraging PagerDuty, you are able to alert the request and approve or deny system access. Using PagerDuty’s schedule feature, you are able to dynamically assign administrative privileges based on who’s on call. This greatly reduces the scope of access.
WhiteSource Research: Fixing Vulnerable npm Packages Quickly and Painlessly
Over the past few years organizations have been shifting security tools and practices left to ensure that application security is addressed from the earliest stages of the software development life cycle (SDLC). These efforts also increasingly cover open source components, which comprise up to 80% of our software products.