At Snyk we invented developer-first security. We believe involving developers in the practice of security is key to building and running modern applications. This is exactly why the recent publication, Recommended Practices Guide for Developers by the The National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), and the Office of the Director of National Intelligence (ODNI) piqued our interest.
Hack The Box (HTB) is a platform that gamifies cybersecurity training. It’s suitable for aspiring pen testers, as well as developers who want to become security champions — or simply understand the mindset of adversaries a bit better — in order to make their applications more secure.
Where do open source dependencies go to die, and why do they come to an end? What happened to the npm faker module? Can it happen again? Join me to learn how open source software libraries rise to glory and how they reach their end of life. I’ll also include some takeaways for developers and ops engineers.
Containerization with Docker has become a major trend in web application development that many.NET developers have adopted. There are many compelling advantages for developers and DevOps engineers to containerize.NET applications, even when working with the older.NET Framework 4.x versions. However, if we don’t know how to use containers properly, we’ll experience little benefit from them.
When scanning an image you probably want to scan for both operating system vulnerabilities and vulnerabilities in the application dependencies (like npm, pom.xml, package.json etc), in order to get a full picture of the security issues within your images. Until now, when using the Snyk Container test/monitor commands to scan images you had to specify the --app-vulns flag in order to scan for application vulnerabilities.
Reddit is a good place to stay in the loop when it comes to web development news, and if you’re like me, you probably follow subreddits like r/node or r/javascript. I recently found a great way to build a Zapier Reddit integration with just my JavaScript knowledge — so I can share those trending Reddit posts in my team’s channel. In this article you’ll learn.
The principle of least privilege (PoLP) is a defensive strategy in the software development world. Alternatively called the principle of minimal privilege or the principle of least authority, PoLP ensures that users can only access the systems, processes, networks, and files required to complete their assigned tasks. When properly configured, unauthorized users can’t navigate to restricted application functions or switch roles.
Containers are a standardized software packaging format that provides a predictable, replicable way to run applications. Container isolation is one of the primary benefits of containerized applications. Using containers enables us to isolate our software from its environment, increasing consistency and reliability across our development and staging environments. You’re probably familiar with — or are using — Docker containers.
Creating Java applications is great, and many resources are available. To speed up development, many folks use frameworks and libraries that do some of the heavy lifting. When looking at modern Java applications, almost all of them contain dependencies from libraries developed by someone else. Dependencies take up about 80 to 90 percent of the binary — so, we should take good care of them when creating a Java project.
A Google remote procedure call (gRPC) is Google’s open source version of the remote procedure call (RPC) framework. It’s a communication protocol leveraging HTTP/2 and protocol buffer (protobuf) technologies. gRPC enables a remote client or server to communicate with another server by simply calling the receiving server’s function as if it were local. This makes communicating and transferring large data sets between client and server much easier in distributed systems.
