Web applications are vulnerable to several kinds of attacks, but they’re particularly susceptible to code injection attacks. One such attack, the XPath Injection, takes advantage of websites that require user-supplied information to access data stored in XML format. All sites that use a database in XML format might be vulnerable to this attack. XPath is a query syntax that websites can use to search their XML data stores.
We are honored and humbled to announce Snyk has been named to the CNBC 2023 Disruptor 50 List, following our debut on the Disruptor List in 2021 and our listing as a Top Startup for the Enterprise in 2022. The full list was unveiled this morning. Industry recognitions like this are a testament to all of the hard work and dedication our global team puts into fulfilling our founding mission each and every day: equipping and empowering every one of the world’s developers to build securely.
Finding and fixing security issues in your code has its challenges. Chief among them is the important step of actually changing your code to fix the problem. Getting there is a process: sorting through security tickets, deciphering what those security findings mean and where they come from in the source code, and then determining how to fix the problem so you can get back to development. Not to worry — AI will take care of everything, right?
In today's fast-paced and ever-evolving technological landscape, building an effective security program is critical for any organization. I had the privilege of hosting Guy Podjarny, Snyk’s CEO and Co-Founder, on All Aboard, a new podcast produced by ConductorOne.
In honor of May the 4th, we’re featuring a narrative from an Imperial trooper in a faraway galaxy as he reflects on his organization’s worst day and how it could’ve gone differently. Don’t get me wrong. I’m still proud to work for one of the most formidable organizations in the galaxy. But as most of you probably know, we’ve recently hit quite a setback. Our higher-ups decided to build a space station.
Hackathons are well known among software development teams for driving innovation and collaboration. So, what if we applied that model to cybersecurity to improve an organization’s application security posture? That would be a dream come true for any CISO and security practitioner — and is exactly what we set out to do at Snyk in February 2023. Check out some of the funniest moments from our panels.
When a web server receives an HTTP request, it is processed and sent back with a response containing the requested resource and any additional information in the form of HTTP response headers. These headers provide important data, such as last-modified dates, content types, and cache-control settings. The browser then uses this information to determine how to display or store that particular resource. This process helps ensure efficient communication between web servers and browsers.
AI is advancing at a stunning rate, with new tools and use cases are being discovered and announced every week, from writing poems all the way through to securing networks. Researchers aren’t completely sure what new AI models such as GPT-4 are capable of, which has led some big names such as Elon Musk and Steve Wozniak, alongside AI researchers, to call for a halt on training more powerful models for 6 months so focus can shift to developing safety protocols and regulations.
This supply chain series centers on the lessons learned from OpenSSL and what you need to consider when enhancing your supply chain security. While this series will focus on OpenSSL and relevant libraries, we'll also consider vulnerabilities across the board. In the first installment, we covered everything you need to know about where to look for vulnerable libraries.
Java is a powerful backend programming language that can also be used to write HTML pages for web applications. However, developers must know the potential security risks associated with Cross-Site Scripting (XSS) attacks when creating these pages. With the rise of modern templating frameworks, preventing security attacks through proper input validation and encoding techniques has become easier.
