A Day In The Life of A CISO - Chris Hughes
Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
How Malicious NPM Packages Make Your Apps Vulnerable
During this live stream we had a conversation with Zbyszek Tenerowicz (ZB) where he discuss how we can be susceptible to malicious packages as developers. Didn't catch the live stream? Ask all of your Snyk questions, and we’ll do our very best to answer them in the comment section. Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.
Best practices for container isolation
Containers are a standardized software packaging format that provides a predictable, replicable way to run applications. Container isolation is one of the primary benefits of containerized applications. Using containers enables us to isolate our software from its environment, increasing consistency and reliability across our development and staging environments. You’re probably familiar with — or are using — Docker containers.
Applying the principle of least privilege to Kubernetes using RBAC
The principle of least privilege (PoLP) is a defensive strategy in the software development world. Alternatively called the principle of minimal privilege or the principle of least authority, PoLP ensures that users can only access the systems, processes, networks, and files required to complete their assigned tasks. When properly configured, unauthorized users can’t navigate to restricted application functions or switch roles.
Building Modern Access-Control for Cloud Applications with Or Weis | SnykLIVE Recording
With the growing complexity of modern applications and microservices based architectures getting access-control right has become a huge ongoing pain-point, as companies find themselves reimplementing access-control over and over. Solutions are found in the new tool sets of policy as code, as well as the 5 best practices and open-source tools (e.g. OPA, OPAL, Zanzibar) we can use to face the challenge.
Best practices for managing Java dependencies
Creating Java applications is great, and many resources are available. To speed up development, many folks use frameworks and libraries that do some of the heavy lifting. When looking at modern Java applications, almost all of them contain dependencies from libraries developed by someone else. Dependencies take up about 80 to 90 percent of the binary — so, we should take good care of them when creating a Java project.
Building a secure API with gRPC
A Google remote procedure call (gRPC) is Google’s open source version of the remote procedure call (RPC) framework. It’s a communication protocol leveraging HTTP/2 and protocol buffer (protobuf) technologies. gRPC enables a remote client or server to communicate with another server by simply calling the receiving server’s function as if it were local. This makes communicating and transferring large data sets between client and server much easier in distributed systems.
PyPi Malware Stealing Discord and Roblox Payment Info
Raul Onitza-Klugman, Senior Security Researcher at Snyk, joins Kyle to take a deep dive in to the latest set of malicious packages discovered by the Snyk Security Research team. Join us as we discuss how these findings came to be, what they mean for open source security, and some hypotheses about the future of supply chain security.
Stranger Danger: Your Java Attack Surface Just Got Bigger
Building Java applications today means that we take a step further from writing code. We use open-source dependencies, create a Dockerfile to deploy containers to the cloud, and orchestrate this infrastructure with Kubernetes. Welcome, you're a cloud native application developer! As developers, our responsibility broadened, and more software means more software security concerns for us to address.
8 tips for securing containers from source to runtime
Today we’re announcing a new container security cheat sheet and report — created in collaboration with our partner Sysdig. Download cheatsheet In this post, we’ll outline tips to help you successfully navigate the challenges of container security with a focus on three core principles: Traditional security approaches are incapable of handling the distributed and ephemeral nature of containers.