Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Vulnerability

Featured Post

How to Choose the Right ASVS Level for Your Organization

The Application Security Verification Standard (ASVS) developed by the Open Web Application Security Project (OWASP) provides a robust framework for conducting penetration testing (pentesting) and security audits of web applications and infrastructure. In the evolving landscape of network security, with risks emerging in sophistication and frequency, maintaining a baseline level of compliant security procedures is highly recommended.

OSV Scanner vs npm-audit: A detailed comparison of SCA tools

The widespread adoption of external libraries and packages in the modern application development process introduces potential security risks that could impact the entire application. To address this, Software Composition Analysis (SCA) tools like npm-audit and OSV Scanner play an important role.

CVE-2024-29849: Critical Authentication Bypass in Veeam Backup Enterprise Manager

On May 21, 2024, Veeam disclosed a critical vulnerability in Veeam Backup Enterprise Manager, identified as CVE-2024-29849. This vulnerability allows an unauthenticated threat actor to log into the web interface as any user, posing a significant risk with a Common Vulnerability Scoring System (CVSS) score of 9.8. The affected application is an optional add-on application used to manage Veeam Backup & Replication via a web console in Veeam environments.

Multiple Critical SQL Injection Vulnerabilities in Ivanti Endpoint Manager

On May 21, 2024, Ivanti disclosed six critical-severity SQL Injection vulnerabilities affecting Ivanti Endpoint Manager, specifically versions 2022 SU5 and earlier. These six vulnerabilities, identified as CVE-2024-29822 through CVE-2024-29827, each carry a Common Vulnerability Scoring System (CVSS) score of 9.6. They allow unauthenticated attackers within the same network to execute arbitrary code on the Core server. This disclosure was made simultaneously with the release of a security hot patch.

Learning from cloud transformation as we move to AI

Development teams of all sizes are embracing the excitement and possibility of using AI tools to build software. Coding assistants like Google Gemini and Github Copilot have the potential to accelerate development like never before, and developers are adopting these tools — whether or not leadership has officially approved them. As your team considers the best ways to adopt this new technology, this transition might feel like déjà vu.

How to secure Python Flask applications

Flask is a powerful, lightweight, and versatile web framework for Python, that's designed to make it easy for developers to develop web applications quickly with minimal boilerplate code. It's a stand-alone microframework that doesn't need any additional libraries or tools and has no database abstraction layer.

How to Build an NPM Package for ESM and CJS

In this video, we show you how to build an NPM package that is compatible with ESM and CJS. Have you built an NPM package before? if so, share it down below in the comments! Snyk helps you find and fix vulnerabilities in your code, open-source dependencies, containers, infrastructure-as-code, software pipelines, IDEs, and more! Move fast, stay secure.