A Day In The Life of A CISO - Sastry Tumuluri
Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.
The Latest Cybersecurity Threats Facing Businesses
It's incredibly important that you learn the latest cybersecurity threats that can threaten a business in 2023. Learn them here.
Essential endpoint security strategies for IT admins
When it comes to endpoint security, any oversight could allow a threat actor to penetrate your organization with ease. While your IT admins focus on bolstering endpoint network security, a threat actor focuses on finding any loopholes, making it all the more difficult to stay protected. Moreover, for every corner cut on security to improve productivity, the attack surface grows. Keeping your organization's network safe all comes down to planning and executing a proper security framework.
CISA publishes SCuBA's security configuration baseline tool for Microsoft 365
It is a no brainer that cloud adoption has surged exponentially in the last couple of years. The rise of digitization and DevOps combined with the aftermath of the pandemic has made cloud computing a critical ingredient for any organization’s growth. Gartner® predicts that by 2025, more than 95% of digital workloads will be deployed on cloud-native platforms.
SANS CyberThreat: An Inside Track on Europe's Premier Cyber Security Conference
In January the eyes of the global cyber security community will turn to London as the CyberThreat conference gets under way. First launched in 2018, the event is a highlight in the cybersecurity calendar and a must-attend for cyber security intelligence professionals. Nowhere else can attendees get such a breadth and depth of insight and experience on the cyber security trends sweeping the world - whether that's from the teams at NCSC, ENISA, the Bank of England or one of the many individual security experts gracing the agenda.
Infrastructure Attacks vs. Application Attacks
An infrastructure attack aims to exploit vulnerabilities in the network layer or transport layer. These attacks are called DDoS attacks and include SYN floods, Ping of Death, and UDP floods. Infrastructure attacks can be broken down into two subcategories: volumetric attacks and protocol attacks. Volumetric attacks focus on inundating a server with false requests to overload its bandwidth, while protocol attacks target specific protocols to crash a system.
A Pen Tester's Guide to Content Security Policy
In this article, we’ll look at Content Security Policy through the eyes of a penetration tester. We will outline the advantages of CSP, explain why you should have it on your site, and share some common misconfigurations that can be exploited, along with the relevant bypass scenarios. What is Content Security Policy?
Snyk's AppSec journey in 2022
Coming off a rough and wild end to 2021 with Log4Shell in all our minds, Snyk jumped out of the gates quickly and began providing the AppSec world with new capabilities that did not disappoint. In this blog, you can review most of the key investments we made in 2022 to improve performance, add new ecosystems, and support the enterprise.
Centralized Log Management: Why It's Essential for System Security in a Hybrid Workforce
Remote work increased due to Covid-19. Now heading into 2023, remote or hybrid workplaces are here to stay. Surveys show 62% of US workers report working from home at least occasionally, and 16% of companies worldwide are entirely remote. With a hybrid workforce, security breaches from sources were less typical with in-office work.
How SSL Encryption and SSL Decryption Work
Protecting your company's data is crucial, whether in transit, stored in a device, or a cloud-based repository. One effective way to safeguard against potential threats is through encryption. Encryption involves scrambling your data to become unreadable if it falls into the wrong hands.