Securing Internal Applications
How Figma protects internal tools using off the shelf AWS services with Max Burkhardt, a security engineer at Figma.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
The Power of Data: Calendar-based Policy Enforcement
A problem that is often discussed in the context of policy-as-code is how to get more people other than developers involved in policy authoring. Policy as code is still code, and while tooling and abstractions can help to some extent, the process still involves at least some level of development knowledge.
SnykCon 2021 Gathers Thousands of Developers to Advance the Global DevSecOps Movement
Snyk Introduces New Product Innovations, Digital Ocean and HashiCorp Partnerships and Launches Snyk Learn. Also Unveils Snyk Impact, New Embedded Operating Model for Ongoing Corporate Social Impact.
Introducing Snyk developer-first security into the Terraform Cloud workflow
With the rise in popularity of technologies such as HashiCorp Terraform, Docker, and Kubernetes, developers are writing and maintaining more and more configurations in addition to building the application itself. The growing use of infrastructure as code presents security complexity and the potential for risk that developers often struggle with as their workloads increase and more advanced skills are required.
Introducing Snyk Learn
Introducing Snyk Learn, a high-quality security education solution available for free that puts developers in control of their own security education journey. With content that is natively integrated into the development workflow, and tailored for developers, Snyk Learn makes security education relevant, actionable and engaging.
When should a startup call the FBI
For this 11th episode of Access Control Podcast, a podcast providing practical security advice for startups, Developer Relations Engineer at Teleport Ben Arent chats with Elvis Chan. Elvis is Assistant Special Agent in charge assigned to the San Francisco FBI Field office. Chan manages a squad responsible for investigating national security cyber matters and has over 14 years of experience in the bureau.
Build vs Buy for Start-ups
This is the age-old question faced by so many tech teams: do we build or buy a system we need? TL:DR, Buying can save your engineer time for building the core stack and for the fun experiments needed to determine when to shake up the core stack.
Kong Mesh and Styra DAS - securing modern cloud-native applications
Back at KubeCon North America 2017, many speakers declared that 2018 would be “The Year of the Service Mesh”. Just a year later, in the 2019 CNCF Survey1, it was reported that 18% of surveyed organizations were using a service mesh in production, and by 20202 (the most recent survey published at the time of this writing) that number rose to 27%.
Utilizing Upbound Crossplane and Styra DAS to Set Policy Across a Modern Technology Stack
Upbound Crossplane with Styra Declarative Authorization Service (DAS) allows developers to elegantly provision infrastructure while preventing unsecure configuration. Crossplane applied to Kubernetes with Open Policy Agent (OPA) and Styra DAS can efficiently and effectively apply policy for centralized code and enforcement.
23andMe's Yamale Python code injection, and properly sanitizing eval()
JFrog security research team (formerly Vdoo) has recently disclosed a code injection issue in Yamale, a popular schema validator for YAML that’s used by over 200 repositories. The issue has been assigned to CVE-2021-38305.