Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Managing vulnerabilities across multiple domains, and especially application security, is a challenging task for enterprise organizations. Security teams often find themselves grappling with fragmented tools and data, leading to inefficiencies and potential blind spots. Seemplicity’s recent integration with Ox Security addresses this issue directly, offering a unified approach to vulnerability management that bridges the gap between security, development, and operations teams.

What are some of the growing cybersecurity risks in the modern software development landscape that keep CISOs busy? Developers and security teams face an ever-increasing array of threats, from sophisticated open source and vendor-controlled supply chain attacks to vulnerabilities introduced by AI-generated code like prompt injection and poor code security by GitHub Copilot.

Snyk, a leading provider in developer security, is excited to share that we’ve been named a Customers’ Choice in the 2024 Gartner Peer Insights Voice of the Customer for Application Security Testing for a third consecutive year. Gartner defines the Application Security Testing category as products and services designed to analyze and test applications for security vulnerabilities. This distinction is based on meeting or exceeding user interest, adoption, and overall experience.

CVE-2024-7594 is a severe unrestricted authentication issue affecting HashiCorp’s Vault’s SSH secrets engine. The National Institute of Standards and Technology (NIST) has not yet evaluated this vulnerability’s CVSS score but HashiCorp assigned it a base score of 7.5 (high). An outside security researcher, Jörn Heissler, discovered an issue with the valid_principals field in Vault’s SSH secrets engine.

A new series of vulnerabilities in the Common Unix Printing System (CUPS) threatens numerous Linux systems, potentially allowing remote code execution (RCE). This affects a wide range of platforms, including Debian, Red Hat, SUSE and macOS. The vulnerabilities—tracked as CVE-2024-47176, CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177—are believed to endanger over 76,000 devices, with estimates suggesting up to 300,000 could be affected.

If you’re a pentester, or a consumer of application security pentest reports, you’ll probably have come across Cross-Origin Resource Sharing (CORS) and its commonly associated misconfigurations. In either case, you’ll likely have quickly dismissed the finding because it resulted in yet another “recommendation” (a vulnerability without any impact).

Takeaways from OWASP Global AppSec SF 2024, covering security tools, AI risks, and strategies for improving application security while empowering developers.

Most modern applications contain a substantial number of open source packages, libraries, and frameworks. In fact, it's estimated that at least 80% of the source code in modern applications is from open source. In addition to relying heavily on commodity components to build applications, development teams often deploy these apps and services via community-sourced container base images.

There’s no way around it: vulnerability management is complex. As organizations become more reliant on software and applications, the sheer volume of known vulnerabilities has become more difficult to track, prioritize, and remediate. Adversaries have also become increasingly reliant on exploiting vulnerabilities in order to compromise organizations.