%term

Uncovering Hidden Bugs and Vulnerabilities in C/C++ | How to Fuzz Your Code With 3 Commands

Dec 7, 2022 By Code Intelligence In Code Intelligence

CI Fuzz CLI is an open-source solution that lets you run feedback-based fuzz tests from your command line. Every developer can use it to find bugs and vulnerabilities with three simple commands. In this stream, I will demonstrate: 1) How to cover the current state of fuzz testing 2) How to set up CLI fuzzing within 3 commands 3) How to uncover multiple bugs and severe memory corruption vulnerabilities

View Video

Code Intelligence

Read more about Uncovering Hidden Bugs and Vulnerabilities in C/C++ | How to Fuzz Your Code With 3 Commands

How to Sign Kubernetes using Sigstore

Dec 7, 2022 By Snyk In Snyk

In this livestream we are joined by Adolfo Veytia, Staff Software Engineer at ChainGuard and Tech Lead on the Kubernetes SIG-Release team, as we talk about they were able to tackle signing all of the Kubernetes v1.24 image artifact using Sigstore. We then demonstrate signing an image and vulnerability scan result attestations with Sigstore's cosign utility. Didn't catch the live stream? Ask all of your Snyk questions and we’ll do our very best to answer them in the comment section.

View Video

Snyk

Read more about How to Sign Kubernetes using Sigstore

5 best practices for React with TypeScript security

Dec 7, 2022 By Marcelo Oliveira In Snyk

As a library focused on building user interfaces rather than a full-fledged framework, React enables developers to choose their preferred libraries for various aspects of an application, such as routing, history, and authentication. Comparatively, Microsoft created TypeScript as an extension of JavaScript to introduce optional static typing to an otherwise loosely typed language.

Read Post

Snyk

Read more about 5 best practices for React with TypeScript security

Cyberpion Discovers 148,000 Critical Vulnerabilities Across Fortune 500 Organizations

Dec 6, 2022 By IONIX In IONIX

Findings come after CISA issues binding Directive on Improving Asset Visibility and Vulnerability Detection on All Federal Networks.

Read Post

IONIX

Read more about Cyberpion Discovers 148,000 Critical Vulnerabilities Across Fortune 500 Organizations

Why tool consolidation matters for developer security

Dec 6, 2022 By Daniel Berman In Snyk

With threats to cloud native applications rising, security leaders feel more pressure than ever to counter an ever-changing risk landscape. But thanks to a rapidly expanding security solutions market, many respond to these growing demands by adding more products. With so many new tools arising to tackle security challenges, it sometimes seems like the right answer is always “one tool out of reach”.

Read Post

Snyk

Read more about Why tool consolidation matters for developer security

A Log4Shell (Log4j) Retrospective

Dec 5, 2022 By Arctic Wolf Labs In Arctic Wolf

As we approach the one-year anniversary of the Log4Shell vulnerability (CVE-2021-44228), Arctic Wolf Labs decided to look back on the impact that this critical vulnerability had (and continues to have) on organizations and assess the long tail of activity we’ve seen with threat actors continuing to use the exploit.

Read Post

Arctic Wolf

Read more about A Log4Shell (Log4j) Retrospective

How to verify and secure your Mastodon account

Dec 5, 2022 By Liran Tal In Snyk

Mastodon, the free open source self-hosted federated social network platform, has been witnessing a surge of interest and new users due to the recent developments on Twitter — specifically that of verifying accounts. One of the interest areas driving users to Mastodon has been the ability to verify their account identity and convey a sense of authenticity for the account. This provides a way to help prevent spam accounts, bots, and other issues related to fake news.

Read Post

Snyk

Read more about How to verify and secure your Mastodon account

Despite Security Scrutiny on Tech Industry, Nearly One-fourth of Applications Have High-severity Flaws

Dec 5, 2022 By Jill Newberry Queenan In Veracode

The United States, United Kingdom and other governments around the globe are making strides to defend against software supply chain attacks and strengthen the cybersecurity resilience of their departments, partners, and stakeholders.

Read Post

Veracode

Read more about Despite Security Scrutiny on Tech Industry, Nearly One-fourth of Applications Have High-severity Flaws

Not a SIMulation: CrowdStrike Investigations Reveal Intrusion Campaign Targeting Telco and BPO Companies

Dec 2, 2022 By Tim Parisi In CrowdStrike

CrowdStrike Services reviews a recent, extremely persistent intrusion campaign targeting telecommunications and business process outsourcing (BPO) companies and outlines how organizations can defend and secure their environments.

Read Post

CrowdStrike

Read more about Not a SIMulation: CrowdStrike Investigations Reveal Intrusion Campaign Targeting Telco and BPO Companies

3 tips for effective developer security training

Dec 1, 2022 By Mariah Gresham In Snyk

“This is the golden era of application security,” says Founder of Manicode Security and secure coding trainer Jim Manico on episode 26 of The Secure Developer podcast. Ten years ago, Manico says, security training was “a quirky thing to do — something to do on the side.” Now, assessment tools are mature, good literature on assessment makes knowledge more accessible, and a wide range of intelligent people are building secure applications.

Read Post