%term

The security concerns of a JavaScript sandbox with the Node.js VM module

Feb 22, 2023 By Liran Tal In Snyk

Were you tasked with building a product that requires the execution of dynamic JavaScript originating from end users? You might think building it on-top of Node.js VM module is a viable way to create a JavaScript sandbox. In this article, we’ll learn why that’s far from being a recommended approach and the security implications of doing so. Every now and then there’s a project that challenges the rudimentary and routine backend development. APIs? Message queues?

Read Post

Snyk

Read more about The security concerns of a JavaScript sandbox with the Node.js VM module

The Big Fix. OWASP TOP 10 Snyk Learn Path (Cryptography & Outdated Components)

Feb 22, 2023 By Snyk In Snyk

OWASP stands for Open Web Application Security Project. This non-profit foundation works to improve software security. They have published a top 10 list that acts as an awareness document for developers. It represents a broad consensus about the most critical security risks. Our goal at Snyk Learn is to educate developers and one way we do that is by covering the OWASP top 10 list.

View Video

Snyk

Read more about The Big Fix. OWASP TOP 10 Snyk Learn Path (Cryptography & Outdated Components)

Elastic on Elastic: How InfoSec uses the Elastic Stack for vulnerability management

Feb 22, 2023 By Clement Fouque In Elastic

Vulnerability management (VM) is a challenging task. Of the three pillars of people, process, and technology, it is the latter that we have the most control over and that can make the greatest impact. We recognize that technology alone is not sufficient and must be accompanied by strong processes and skilled personnel. However, the right technology can greatly facilitate and improve the effectiveness of our vulnerability management efforts.

Read Post

Elastic

Read more about Elastic on Elastic: How InfoSec uses the Elastic Stack for vulnerability management

OWASP Kubernetes Top 10

Feb 21, 2023 By Nigel Douglas In Sysdig

One of the biggest concerns when using Kubernetes is whether we are complying with the security posture and taking into account all possible threats. For this reason, OWASP has created the OWASP Kubernetes Top 10, which helps identify the most likely risks.

Read Post

Sysdig

Read more about OWASP Kubernetes Top 10

5 Vulnerability Shifts You Need to Know for 2023

Feb 17, 2023 By Arctic Wolf In Arctic Wolf

Since 2017, an upwards trend of vulnerabilities has been observed, reported to, and analyzed by the National Institute of Standards and Technology (NIST). According to the National Vulnerability Database (NVD), there were more than 25,200 vulnerabilities published in 2022, making it another record-breaking year, with an increase of 25% compared to 2021. That’s a five-time increase over the past decade.

Read Post

Arctic Wolf

Read more about 5 Vulnerability Shifts You Need to Know for 2023

Code Intelligence Integrates with Jest to Enable Developers to Test JavaScript for Vulnerabilities

Feb 16, 2023 By Code Intelligence In Code Intelligence

Developers who run unit tests in Jest can now test their JavaScript applications for bugs and security vulnerabilities, including remote code execution, cross-site scripting, and injections.

Read Post

Code Intelligence

Read more about Code Intelligence Integrates with Jest to Enable Developers to Test JavaScript for Vulnerabilities

Gain visibility into open source vulnerabilities with Datadog Application Risk Management

Feb 16, 2023 By Mallory Mooney In Datadog

Open source libraries have become an indispensable part of modern applications. Approximately 90% of organizations use open source software to support their services, but monitoring these dependencies can be difficult when environments run thousands of ephemeral services. The complex nature of modern applications, in combination with the challenge of keeping a competitive edge in a fast-moving market, can make it difficult for organizations to identify and remediate threats in a timely manner.

Read Post

Datadog

Read more about Gain visibility into open source vulnerabilities with Datadog Application Risk Management

Adi Sharabani, Snyk CTO On Adapting to Change: The Future of Security in a DevSecOps World

Feb 16, 2023 By Snyk In Snyk

This is a recording of Adi Sharabani's talk at CyberTech TLV 2023.

View Video

Snyk

Read more about Adi Sharabani, Snyk CTO On Adapting to Change: The Future of Security in a DevSecOps World

A Day In The Life of A CISO - Prajal Kulkarni - CISO - Groww

Feb 16, 2023 By Snyk In Snyk

Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.

View Video

Snyk

Read more about A Day In The Life of A CISO - Prajal Kulkarni - CISO - Groww

Ensure a secure IT environment with integrated network vulnerability management

Feb 15, 2023 By ManageEngine In ManageEngine

NIST's National Vulnerability Database shows a quintuple increase in attacks against firmware in the last four years. These statistics indicate that cyber criminals have continually improved their techniques in penetrating your network via firmware vulnerabilities. To combat these malicious actions, let's first discuss the components that are vulnerable to these attacks.

Read Post