Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Snyk

Snyk

Introducing Snyk Training, our online learning platform

Snyk has officially launched Snyk Training, a free online resource to help developers and security teams learn how to implement, configure, and use Snyk on their own. The initial content in Snyk Training focuses on three learning needs: The platform is an easy way for teams to get an introduction to Snyk tools and user best practices. Most courses take between 3 and 10 minutes, and have been described by a customer as, a “very good overview on how to get started with the Snyk journey!”

Snyk

Controlling your server with a reverse shell attack

Creating and running an application in your favorite language is usually pretty simple. After you create your application, deploying it and showing it to the world is also quite straightforward. The last thing you need is someone to take over your system and fully control your brand new application. In this article, I’ll explain how this can happen with a reverse shell attack. Note that the code examples in this article are for educational purposes only.

Stranger Danger: Your JavaScript Attack Surface Just Got Bigger

Building JavaScript applications today means that we take a step further from writing code. We use open-source dependencies, create a Dockerfile to deploy containers to the cloud, and orchestrate this infrastructure with Kubernetes. Welcome, you're a cloud native application developer! As developers, our responsibility broadened, and more software means more software security concerns for us to address.
Snyk

Introducing Snyk Auto-Issues for Jira: a new open source application for automated issue creation

One of the things I’ve grown accustomed to as a developer is fiddling around with new languages or frameworks I find interesting. So naturally, working with our partners to launch Snyk Apps is right in my wheelhouse. At work and on my own time, I enjoy trying to build something that others might find interesting or useful. As a Jira user myself, I decided to take a look at Atlassian’s Forge platform and see what I could do with it.

Snyk

AWS re:Inforce 2022 recap

If you’re looking to catch up on what happened at this years AWS re:Inforce, this is the blog for you. There were many important announcements were this year, including some exciting updates on the cloud security front. In this post, we’ll quickly review the goals of the conference and who should attend, before diving into the keynote highlights, software updates, and helpful resources.

Snyk

Securing PHP containers

According to Wappalyzer, PHP powers over twelve million websites. Not bad for a 28-year-old language! Despite its age, PHP has kept up with modern development practices. With support for type declarations and excellent frameworks like Laravel and Symfony, PHP is still a great way to develop web apps. PHP works well in containerized environments. With an official image available on Docker Hub, developers know they can access well-tested PHP container images to build on.

Snyk

A definitive guide to Ruby gems dependency management

Ruby, much like other programming languages, has an entire ecosystem of third-party open source libraries which it refers to as gems, or sometimes Ruby gems. These gems are authored by the community, and are available from RubyGems.org which is the official registry for Ruby libraries. Similarly to other open source ecosystems, threat actors may publish deliberate malicious code or such which includes backdoors or credentials harvesting.

Snyk

Testing effectively in Terraform

Terraform is an infrastructure as code (IaC) solution that enables DevOps teams to use coding concepts to automatically deploy on-premise or public cloud infrastructure components. These components may include virtual machines, network components, storage, applications, or database services. Terraform provides HashiCorp Language (HCL).