Sep 28, 2023
|
By Brian Clark
This month, Apple Security Engineering and Architecture (SEA) and The Citizen Lab at The University of Toronto's Munk School opened a pair of Critical vulnerabilities relating to maliciously formed WebP images which could be used to exploit the Chrome browser, as well as the webmproject/libwebp library from Google. As of Sep 27th, 2023, the CVEs known to track this libwebp vulnerability actively include.
Sep 27, 2023
|
By Simon Maple
By now, we’re all painfully aware that AI has become a crucial and inevitable tool for developers to enhance their application development practices. Even if organizations restrict their developers using AI tools, we hear many stories of how they circumvent this through VPNs, and personal accounts.
Sep 26, 2023
|
By Hrittik Roy
In the modern software ecosystem, containerization has become a popular method for packaging and deploying applications. Alongside this growing trend, ensuring the security of software supply chains has become a critical concern for businesses of all sizes. Implementing best practices, such as signing and verifying images to mitigate man-in-the-middle (MITM) attacks and validating their authenticity and freshness, play a pivotal role in safeguarding the integrity of the software supply chain.
Sep 20, 2023
|
By Peter McKay
In our first year participating in the Forrester Wave™: Static Application Security Testing (SAST) Q3 2023, we’re thrilled that Snyk has been recognized as a Strong Performer in a mature, yet evolving, enterprise software security category. Snyk is disrupting the SAST market with a developer-first approach to application security, illustrated by our position in strategy and market presence in the evaluation.
Sep 18, 2023
|
By Brian Piper
DevSecOps is all about collaboration: facilitating a solid partnership between development and security teams. However, these collaboration efforts won’t succeed without help from leadership. Development and security teams need top-down support to set measurable goals, create a secure CI/CD pipeline, and establish a DevSecOps culture. Three experts came together at Black Hat Asia 2023 to discuss how leadership can participate in fostering security success.
Sep 13, 2023
|
By Victor Ikechukwu
In modern web applications, cross-origin resource sharing (CORS) enables secure communication between applications hosted on different origins. Developers use CORS to access other applications’ services within their own. This approach eliminates the need to rewrite features from scratch, accelerating development time and improving the developer experience.
Sep 12, 2023
|
By Lucien Chemaly
If you're a developer working with Java, you likely know Spring Boot, the robust framework that streamlines the development of stand-alone, production-grade, Spring-based applications. One of the many features it offers is Bean Validation, which is a crucial aspect of any application to ensure data integrity and improve user experience.
Sep 11, 2023
|
By Najia Gul
Web cache poisoning is a cyber attack that wreaks havoc on unsuspecting websites. It exploits vulnerabilities by caching mechanisms that web servers, proxies, and content delivery networks (CDNs) use, compromising data integrity. Malicious actors can use cache poisoning to deliver malicious payloads, tamper with sensitive information, or redirect users to fraudulent websites. In this article, we’ll comprehensively explore web cache poisoning attacks and how they work.
Sep 7, 2023
|
By Simon Maple
Welcome to our cheat sheet covering the OWASP Top 10 for LLMs. If you haven’t heard of the OWASP Top 10 before, it’s probably most well known for its web application security edition. The OWASP Top 10 is a widely recognized and influential document published by OWASP focused on improving the security of software and web applications. OWASP has created other top 10 lists (Snyk has some too, as well as a hands-on learning path), most notably for web applications.
Sep 5, 2023
|
By James Konik
JavaScript runtimes help you build advanced, server-driven JavaScript projects that aren't dependent on the user's browser to run. There are several choices of runtimes available, with the supremacy of the old stalwart Node.js being challenged by Deno and Bun. Deno is the latest project produced by the same developer who originally created Node.js, Ryan Dahl, back in 2009.
Sep 25, 2023
|
By Snyk
Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.
Sep 14, 2023
|
By Snyk
We recently announced Insights, a unique capability providing organizations with code to cloud application intelligence that enables development and security teams to manage their application security posture more effectively by identifying, prioritizing, and fixing those issues posing the greater risk. Watch: What Insights is How to access Insights How to use Insights Watch if you are interested in using Insights, have started, or work as an engineer, developer, or in DevOps.
Aug 29, 2023
|
By Snyk
Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.
Aug 10, 2023
|
By Snyk
Luke Sanders, Senior Technical Success Manager, shares quick tips and best practices for getting started with Snyk. Topics covered include: Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.
Aug 4, 2023
|
By Snyk
Customer Speakers: Woolworths | Pablo Reyes, AppSec Lead Shopback | Dipin Thomas, Engineering Manager Coinhako | Metarsit Leenayongwut, Engineering Manager Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.
Jul 27, 2023
|
By Snyk
Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.
Jul 25, 2023
|
By Snyk
Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.
Jul 17, 2023
|
By Snyk
Learn more about Insights - a new and unique platform capability designed to help development and security teams identify and prioritize the vulnerabilities posing the greatest level of risk to the organization.
Jun 22, 2023
|
By Snyk
Snyk Security in Jira Cloud provides actionable security alerts to reduce disruption to developer productivity. Installing the app is easy.
Mar 8, 2021
|
By Snyk
This book will help both development and application security architects and practitioners address the risk of vulnerable open source libraries and discuss why such vulnerable dependencies are the most likely to be exploited by attackers.
Mar 8, 2021
|
By Snyk
Forrester conducted a customer study to get insights into why organizations choose Snyk to help them tackle and implement developer-first security. Read the report to dive into the benefits, cost and value ROI for Snyk.
Feb 1, 2021
|
By Snyk
This book reviews how the serverless paradigm affects the security of an application, and dives into the benefits it brings.
Feb 1, 2021
|
By Snyk
Snyk's annual State of Open Source Security Report 2020 is here. Download it now to learn how Open Source security is evolving.
Jan 1, 2021
|
By Snyk
"Shift left" has become the holy grail for security teams today but organizations are still struggling to successfully implement some of the key processes that shifting security left entails. A new study sponsored by Snyk and conducted by Enterprise Strategy Group (ESG) has found that while developers are indeed being given more responsibility for testing their applications for security issues, they simply don't have the knowledge or right set of tools to do so.
Jan 1, 2021
|
By Snyk
81% of security and development professionals believe developers are responsible for open source security - but many organizations are still unsure how to start building a culture and practice of DevSecOps. Puppet & Snyk's study is digging deeper into the trends of DevSecOps adoption.
Dec 1, 2020
|
By Snyk
The 2020 Gartner Market Guide for SCA is here! Recent Gartner survey finds that over 90% of organizations leverage OSS in application development - and as a result, security of open source packages was the highest ranked concern for respondents. These concerns have led to a growing market, addressed by various vendors for SCA tools that mitigate the risk of OSS. New trends emerge with devops on the rise - as the market shifts towards developer-friendly SCA tools.
- September 2023 (13)
- August 2023 (25)
- July 2023 (17)
- June 2023 (31)
- May 2023 (23)
- April 2023 (20)
- March 2023 (24)
- February 2023 (21)
- January 2023 (18)
- December 2022 (22)
- November 2022 (33)
- October 2022 (40)
- September 2022 (36)
- August 2022 (36)
- July 2022 (18)
- June 2022 (22)
- May 2022 (25)
- April 2022 (31)
- March 2022 (43)
- February 2022 (30)
- January 2022 (28)
- December 2021 (44)
- November 2021 (27)
- October 2021 (26)
- September 2021 (27)
- August 2021 (20)
- July 2021 (19)
- June 2021 (23)
- May 2021 (29)
- April 2021 (22)
- March 2021 (33)
- February 2021 (12)
- January 2021 (13)
- December 2020 (2)
Snyk is an open source security platform designed to help software-driven businesses enhance developer security. Snyk's dependency scanner makes it the only solution that seamlessly and proactively finds, prioritizes and fixes vulnerabilities and license violations in open source dependencies and container images.
Security Across the Cloud Native Application Stack:
- Open Source Security: Automatically find, prioritize and fix vulnerabilities in your open source dependencies throughout your development process.
- Code Security: Find and fix vulnerabilities in your application code in real-time during the development process.
- Container Security Find and automatically fix vulnerabilities in your containers at every point in the container lifecycle.
- Infrastructure as Code Security Find and fix Kubernetes and Terraform infrastructure as code issues while in development.
Develop Fast. Stay Secure.