With threat actors performing man-in-the-middle (MITM) attacks, having an SSL/TLS certificate is no longer a valid reason to trust an incoming connection. Consequently, developers are increasingly adopting SSL/TLS pinning, also known as certificate or public key pinning, as an additional measure to prove the authenticity and integrity of a connection.

Many organizations find it challenging to locate and fix the vulnerabilities in their containers. But the team at Okta knew that securing the containers that support Auth0 (their identity and access (management platform), was imperative. The team also knew these security processes had to be developer-friendly: making finding and fixing container vulnerabilities as simple as possible.

Developing quality software applications can be arduous, as many moving parts must come together to create a working solution. That’s why developers need all the help and convenience they can get, especially when securing their applications. Visual Studio Code (VS Code) is one of the most popular open source code editors for various reasons.

Containers bring new flexibility and agility to software development and deployment. However, they also introduce a new attack surface that malicious actors can exploit. A compromised container can give an attacker access to other containers and even the host system. Smaller images that contain fewer artifacts are already a great help in achieving a smaller attack surface.

Managing dependencies for a project is a task that requires consistent effort and attention. Surely, you’ve found yourself concerned about any of the following while maintaining a project: Luckily, we’ve been able to use GitHub bots to automate dependency management to an extent with solutions like Dependabot and GreenKeeper. However, these bots mostly automate the creation of a new code pull request that proposes the changes to be made.

Docker is a containerization platform for bundling your code, dependencies, and runtime environment into self-contained units that run identically in different environments. Dockerizing a PHP application simplifies deployment by packaging the PHP runtime, a web server, and your source code and composer dependencies into a container. Getting started with Docker is easy. However, there are a few pitfalls you need to avoid before you can safely use it in production.

GitOps was pioneered by Weeveworks in 2017. It uses familiar tools to implement continuous deployment for cloud-native applications, improving the developer experience of Kubernetes cluster management and application delivery.

We’re happy to announce the open beta availability of Snyk’s new Risk Score! Replacing the existing Priority Score, the new Risk Score was designed to help you prioritize more effectively by providing you with an accurate and holistic understanding of the risk posed by a given security issue.

As GenerativeAI expands its reach, the impact of software development is not left behind. Generative models — particularly Language Models (LMs), such as GPT-3, and those falling under the umbrella of Large Language Models (LLMs) — are increasingly adept at creating human-like text. This includes writing code.

URL encoding is a method that ensures your URL only contains valid characters so that the receiving server can correctly interpret it. According to the RFC 3986 standard, URIs (which are a superset of URLs) only contain a limited set of characters consisting of digits, letters, and a few graphic symbols, all within the ASCII character set. If a URL contains characters outside this limited set, the characters must be percent-encoded.