As the partnership between Snyk and GitGuardian continues to grow, we’ve collaborated on a new cheat sheet that identifies key security considerations and tools that can help you mitigate risks and protect your code. The journey from code to cloud and back to code necessitates a holistic approach to security.
I am excited and humbled to share that Snyk has been named to the prestigious Forbes Cloud 100 list for the fourth consecutive year, coming in at #19. The full list was unveiled this morning. This recognition follows a number of significant company milestones, including being named a leader in both the 2023 Gartner® Magic Quadrant™ for Application Security Testing and The Forrester Wave™: Software Composition Analysis, Q2 2023 report.
Spring Security’s newly released versions contain a fix for a broken access control vulnerability – CVE-2023-34034 – which was given a critical NVD severity (CVSS 9.8) and a high severity by Spring’s maintainers.
Technology has greatly transformed the automotive industry, bringing both advancements and new challenges. The reliance on connectivity and software in cars has opened the door to cyber threats, making cybersecurity a crucial concern for the automobile industry. With the increasing complexity of modern cars, there are now around 150 Electronic Control Units (ECUs) and an astonishing 100 million lines of code. Even simple functions like opening car windows require multiple software systems.
The Document Object Model (DOM) acts as an interface between HTML and JavaScript, bridging the gap between static content and dynamic interactivity. This function makes the DOM indispensable for modern web developers. However, the DOM has a pitfall — DOM clobbering. DOM clobbering occurs when HTML elements conflict with global JavaScript variables or functions, which can lead to unexpected behavior and a potential security loophole in your web application.
2023 is a year of “digital forest fires.” The MOVEit and the Barracuda Networks’ email supply chain attacks underscore the massive butterfly effect a single software flaw can have on the threat landscape. Supply chain attacks spread like a forest fire. Once cybercriminals compromise widely used software, attackers gain access to potentially all organizations that use that software.
The Cybersecurity and Infrastructure Security Agency (CISA) just released a report highlighting the most commonly exploited vulnerabilities of 2022. With our role as a reverse proxy to a large portion of the Internet, Cloudflare is in a unique position to observe how the Common Vulnerabilities and Exposures (CVEs) mentioned by CISA are being exploited on the Internet. We wanted to share a bit of what we’ve learned.
As organizations increasingly adopt continuous delivery practices and deploy code as often as every few seconds, the number of vulnerabilities in your code and the potential for them to go undetected increases. Not knowing which vulnerabilities to focus on can be extremely costly—both in terms of the resources needed to address them as well as the risk they pose for your system.
With the SEC's adoption of new rules on cybersecurity risk management, strategy, governance, and incident disclosure by public companies, one thing is clear: better definitions are required.
