%term

Mitigating path traversal vulns in Java with Snyk Code

Mar 6, 2023 By Brian Vermeer In Snyk

Path traversal is a type of security vulnerability that can occur when a web application or service allows an attacker to access server files or directories that are outside the intended directory structure. This can lead to the unauthorized reading or modification of sensitive data.

Read Post

Snyk

Read more about Mitigating path traversal vulns in Java with Snyk Code

Wallarm Platform Demo: API Attack Perimeter Visibility

Mar 6, 2023 By Wallarm In Wallarm

Learn about our CVE Exposure capabilities, which provides in-depth insight into vulnerabilities and attacks against your APIs, and how to remediate these issues.

View Video

Wallarm

Read more about Wallarm Platform Demo: API Attack Perimeter Visibility

Wallarm Platform Demo: API Discovery & API Posture Management

Mar 6, 2023 By Wallarm In Wallarm

Learn how to discover all the APIs in your portfolio, based on actual traffic instead relying on schemas, including internal and external-facing endpoints, so you can protect them against OWASP Top-10 threats like Injections and BOLA, ensure sensitive data are protected against unintentional or malicious disclosure, and much more.

View Video

Wallarm

Read more about Wallarm Platform Demo: API Discovery & API Posture Management

Resolving CVE-2022-1471 with the SnakeYAML 2.0 Release

Mar 3, 2023 By Nova In Veracode

In October of 2022, a critical flaw was found in the SnakeYAML package, which allowed an attacker to benefit from remote code execution by sending malicious YAML content and this content being deserialized by the constructor. Finally, in February 2023, the SnakeYAML 2.0 release was pushed that resolves this flaw, also referred to as CVE-2022-1471. Let’s break down how this version can help you resolve this critical flaw.

Read Post

Veracode

Read more about Resolving CVE-2022-1471 with the SnakeYAML 2.0 Release

This Week in VulnDB - The Big Fix Edition

Mar 3, 2023 By Snyk In Snyk

Welcome to This Week in VulnDB, Each episode we will look through some of the newer vulnerabilities in the Snyk vulnerability database, looking at emerging trends in attack vectors appearing in programming languages, platforms and ecosystems.

View Video

Snyk

Read more about This Week in VulnDB - The Big Fix Edition

Critical RCE Vulnerability in Multiple Cisco IP Phones: CVE-2023-20078

Mar 3, 2023 By James Liolios In Arctic Wolf

On Wednesday, March 1, 2023, Cisco published an advisory of a critical severity vulnerability impacting 6800, 7800, and 8800 series IP phones. The vulnerability allows for unauthenticated execution of arbitrary code. The vulnerability was responsibly disclosed to Cisco by a security researcher, and security patches are available to remediate the vulnerability.

Read Post

Arctic Wolf

Read more about Critical RCE Vulnerability in Multiple Cisco IP Phones: CVE-2023-20078

Snyk in 30: Developer-first security democast

Mar 2, 2023 By Jim Armstrong In Snyk

In our latest Snyk in 30 democast, I demonstrated working on an app, starting in an IDE and going all the way to the live app deployed in the cloud. Along the way, I showed how Snyk fits into the tools a real developer might use. Specifically, I focused on the practical aspects of implementing Snyk in a real-world development and cloud environment, answering questions like: I’ll cover some of the main highlights from the presentation in this blog post.

Read Post

Snyk

Read more about Snyk in 30: Developer-first security democast

OAuth security gaps at Booking.com (now remediated)

Mar 2, 2023 By Salt Security In Salt Security

This short video explains how Salt Labs researchers identified several critical security flaws on the popular travel site Booking.com. The flaws were found in the site's authentication functionality and could have allowed a malicious attacker to take over user accounts, access profile information, and take actions on behalf of the user such as booking or canceling reservations and ordering transportation services.

View Video

Salt Security

Read more about OAuth security gaps at Booking.com (now remediated)

Stranger Danger: Your JavaScript Attack Surface Just Got Bigger

Mar 1, 2023 By Snyk In Snyk

Building JavaScript applications today means that we take a step further from writing code. We use open-source dependencies, create a Dockerfile to deploy containers to the cloud, and orchestrate this infrastructure with Kubernetes. Welcome - you're a cloud native application developer! As developers, our responsibility has broadened, and more software means more software security concerns for us to address.

View Video

Snyk

Read more about Stranger Danger: Your JavaScript Attack Surface Just Got Bigger

Three expert tips for cultivating secure software development practices

Mar 1, 2023 By Simon Maple In Snyk

We often hear about the importance of DevSecOps — integrating security into DevOps processes. But as many security professionals know, it’s not nearly as easy as it sounds. Cultivating secure software development practices requires working alongside developers with varying opinions, priorities, and idiosyncrasies. And any process involving humans is complicated. So, how do today’s security teams overcome these challenges and make secure software development practices a reality?

Read Post