Pair Programming Live: Building SAST & Test Pipeline
Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Stranger Danger: Your Java Attack Surface Just Got Bigger
Building Java applications today means that we take a step further from writing code. We use open-source dependencies, create a Dockerfile to deploy containers to the cloud, and orchestrate this infrastructure with Kubernetes. Welcome, you're a cloud native application developer! As developers, our responsibility broadened, and more software means more software security concerns for us to address.
Meet the Best Hackers: Shuchita Mishra and Parth Shukla | SnykWeek Boston
During SnykWeek Boston, Shuchita Mishra and Parth Shukla were crowned the best hackers by fixing the most vulnerabilities during our fix challenge. Check out our interview with them to learn about the passion for developer security and what they loved most about Snyk.
Security Spotlight: Turning Authorization Vulns into Compilation Errors in Rust
When authorization services have errors, what happens?! Join Kyle and Nathanial as they dive deep into Dacquiri, Rust, and Authorization!
Explaining the csurf vulnerability: CSRF attacks on all versions
On September 11th, 2022, Snyk published a vulnerability report for the popular CSRF token management csurf npm package. The vulnerability impacts all known versions, which are currently yielding more than 400,000 downloads per week. The vulnerability report is based on the public disclosure by security consultant Adrian Tiron and their write-up on the Fortbridge blog.
Looking back at Black Hat USA 2022
For the past few days, I’ve been getting a lot of messages asking about my experience at this year’s Black Hat USA. So in this post, I’ll be recapping the conference to give you an inside look at what was presented and provide some helpful perspective. Black Hat is one of the largest — and most talked about — cybersecurity conferences. Its inception dates back to 1997.
What's It Like To Be Snyk's CEO? | Cloud Security Podcast Interviews Snyk CEO Peter McKay
Snyk CEO Peter McKay speaks with Shilpi Bhattacharjee of the Cloud Security Podcast about his experience as the CEO of Snyk.
This Week in VulnDB
Welcome to This Week in VulnDB, Each episode we will look through some of the newer vulnerabilities in the Snyk vulnerability database, looking at emerging trends in attack vectors appearing in programming languages, platforms and ecosystems.
Cheat sheet: Meeting security compliance standards
Security and compliance has a major role in every organization. Businesses are nothing without the trust and loyalty of their customers, and for many companies — from early-stage startups to multinational corporations — winning that trust starts by demonstrating that you have the correct security controls in place. Internationally-recognized compliance standards, such as ISO 27001, PCI-DSS, and SOC 2, make up the industry-standard goals that most businesses and organizations pursue.
Avoiding SMTP Injection: A Whitebox primer
SMTP Injection vulnerabilities are often misunderstood by developers and security professionals, and missed by static analysis products. This blog will discuss how common SMTP Injection vulnerabilities can exist in libraries and applications, and provide tips for finding and remediating them quickly.