Snyk provides a comprehensive approach to developer security by securing critical components of the software supply chain, application security posture management (ASPM), AI-generated code, and more. We recognize the increasing risk of exposed secrets in the cloud, so we’ve tapped Nightfall AI to provide a critical feature for developer security: advanced secrets scanning.

In the world of software development, managing dependencies is a core part of creating strong and secure applications. Spring Boot, a favorite among Java developers, makes building applications easier, but there's more to it than meets the eye. Keeping your dependencies in check is crucial to ensure that your Spring Boot projects run smoothly and remain resilient in the face of ever-evolving threats.

Your developer teams plan to adopt a generative AI coding tool, but you — a security leader — have compliance and security concerns. Most important of which being, what if you can’t keep pace with your developers and something significant slips through the net? Luckily, you can stay secure while developing at the speed of AI with Snyk, the security companion for Amazon CodeWhisperer.

AWS offers the infrastructure, innovation, services, and reliability to run your mission-critical applications, which is why millions of customers partner with AWS to build, run, and scale applications in the cloud. But how can customers proactively ensure the security of these critical applications?

Application security posture management (ASPM) enables AppSec teams to continuously monitor, manage, and improve the security health of software applications throughout their lifecycle. It provides a framework for ensuring that applications are built securely from the start, maintained with security in mind, and continuously monitored for vulnerabilities that introduce significant risk to the business. With ASPM, we get aggregated data in a unified dashboard.

Snyk's security researchers have conducted some research to better understand the risks of WebExtensions, both well-known (i.e. XSS, code injection) and those more specific to WebExtensions themselves. From our research we identified and disclosed some vulnerabilities within some popular browser extensions: React Developer Tools and Vue.js devtools. In this post, we will explore the WebExtension technology and look into the vulnerabilities identified.

In our modern world, we constantly share private, confidential, and sensitive information over digital channels. A fundamental component of this communication is file encryption — transforming data into an unreadable format using encryption algorithms.