We have more than a few reasons to be thrilled with the results of the 2021 Gartner Magic Quadrant for Application Security Testing. In our debut on the report, Snyk has been recognized as a Visionary. Additionally, we are placed furthest in the Visionaries quadrant for both Completeness of Vision and Ability to Execute, and second-furthest for Completeness of Vision in the overall Magic Quadrant.
We are honored to share that Snyk has been named to the ninth annual CNBC Disruptor 50 List, coming in at #15! The full list, unveiled earlier this week, identifies 50 private companies “aligned with today’s rapid pace of technological change and poised to emerge from the pandemic as the next generation of business leaders.” The pandemic accelerated digital transformation and associated cybersecurity concerns.
In our previous blog, we explored the nature of intent-based Android security vulnerabilities. Now we’re going to dive into how we performed our security analysis on apps in the Google Play Store with Snyk Code.
We have been witnessing an ever growing amount of supply chain security incidents in the wild. Everything from open source package managers security flaws being exploited to continuous integration systems being compromised to software artifacts being backdoored. And now, those incidents are starting to extend to the place where developers spend most of their time: their integrated development environment, and specifically the Visual Studio Code IDE.
To stay ahead of attackers, we constantly monitor various security threats. One of these threats — supply chain attacks — aims to compromise an organization through its software development process. Recently, a huge spike in supply chain attacks was observed — dependency confusion was discovered, the SolarWinds breach was reported and more malicious packages were flagged. This certainly drew our attention (as well as the rest of the world’s)!
As announced last week by our good friends at the Node.js Foundation, Snyk has agreed to take over from the amazing Node.js ecosystem vulnerability disclosure program. As a company that’s been part of this program from a very early stage — and has been inspired by it to create our own multi-ecosystem disclosure program — it is a great honor to have been entrusted with this responsibility, and we thank the Node.js Foundation sincerely for their trust in this matter.
This is a story of bringing the pain forward, begging forgiveness, and continuous improvement. In the early days of Manifold — long before we joined Snyk — we were building an independent marketplace for developer services (like databases or transactional email senders). The structure of our code was typical: we had a React frontend app, and a collection of Go microservices talking to a database. A typical structure meant we had typical problems, too.
In 2020, over 30 new major features were released across the Snyk platform — in Snyk Open Source, Snyk Container, Snyk Infrastructure as Code, and Snyk Code. While both our development and product teams deserve credit for Snyk’s rapid pace of development, our users also play an important role by continuously providing us with their feedback and insight. Our ultimate goal is to help development and security teams be successful in mitigating risk.
PHP is used extensively to power websites. From blogging to ecommerce, it’s embedded in our everyday lives and powers much of the internet we use today. According to a Wappalyzer report on top programming languages of 2020, PHP has a 79% market share of backend languages used on the internet today. One of the biggest challenges with PHP libraries over the years has been package management. There have been a few ways to easily install and maintain libraries including PECL, CPAN.
Our phones know a lot about us, so it’s important we can trust them. After discovering and then publishing our findings on SourMint — the malicious iOS ad SDK — the Snyk Security Team decided to dig deeper in the Android ecosystem. To do so, we leveraged Snyk Code to analyze and search for vulnerabilities in applications uploaded to the Google Play store.
