%term

Code Intelligence Integrates with Jest to Enable Developers to Test JavaScript for Vulnerabilities

Feb 16, 2023 By Code Intelligence In Code Intelligence

Developers who run unit tests in Jest can now test their JavaScript applications for bugs and security vulnerabilities, including remote code execution, cross-site scripting, and injections.

Read Post

Code Intelligence

Read more about Code Intelligence Integrates with Jest to Enable Developers to Test JavaScript for Vulnerabilities

Gain visibility into open source vulnerabilities with Datadog Application Risk Management

Feb 16, 2023 By Mallory Mooney In Datadog

Open source libraries have become an indispensable part of modern applications. Approximately 90% of organizations use open source software to support their services, but monitoring these dependencies can be difficult when environments run thousands of ephemeral services. The complex nature of modern applications, in combination with the challenge of keeping a competitive edge in a fast-moving market, can make it difficult for organizations to identify and remediate threats in a timely manner.

Read Post

Datadog

Read more about Gain visibility into open source vulnerabilities with Datadog Application Risk Management

Adi Sharabani, Snyk CTO On Adapting to Change: The Future of Security in a DevSecOps World

Feb 16, 2023 By Snyk In Snyk

This is a recording of Adi Sharabani's talk at CyberTech TLV 2023.

View Video

Snyk

Read more about Adi Sharabani, Snyk CTO On Adapting to Change: The Future of Security in a DevSecOps World

A Day In The Life of A CISO - Prajal Kulkarni - CISO - Groww

Feb 16, 2023 By Snyk In Snyk

Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.

View Video

Snyk

Read more about A Day In The Life of A CISO - Prajal Kulkarni - CISO - Groww

Ensure a secure IT environment with integrated network vulnerability management

Feb 15, 2023 By ManageEngine In ManageEngine

NIST's National Vulnerability Database shows a quintuple increase in attacks against firmware in the last four years. These statistics indicate that cyber criminals have continually improved their techniques in penetrating your network via firmware vulnerabilities. To combat these malicious actions, let's first discuss the components that are vulnerable to these attacks.

Read Post

ManageEngine

Read more about Ensure a secure IT environment with integrated network vulnerability management

Stranger Danger: Your Java Attack Surface Just Got Bigger

Feb 15, 2023 By Snyk In Snyk

Building Java applications today means that we take a step further from writing code. We use open-source dependencies, create a Dockerfile to deploy containers to the cloud, and orchestrate this infrastructure with Kubernetes. Welcome, you're a cloud native application developer! As developers, our responsibility broadened, and more software means more software security concerns for us to address.

View Video

Snyk

Read more about Stranger Danger: Your Java Attack Surface Just Got Bigger

When software isn't a "supply"

Feb 15, 2023 By Daniel Appelquist In Snyk

I was inspired to write this after reading a post from Thomas Depierre on Mastodon. The post touched on something that’s been troubling me recently. When it comes to software security, we spend a lot of time talking about the software supply chain and related concepts, such as the software bill of materials (SBOM). This metaphor comes from an industrial lexicon. People who are used to talking about economies and how manufacturing works are familiar with the idea of supply chain.

Read Post

Snyk

Read more about When software isn't a "supply"

The dangers of setattr: Avoiding Mass Assignment vulnerabilities in Python

Feb 15, 2023 By Jack Hair In Snyk

Mass assignment, also known as autobinding or object injection, is a category of vulnerabilities that occur when user input is bound to variables or objects within a program. Mass assignment vulnerabilities are often the result of an attacker adding unexpected fields to an object to manipulate the logic of a program.

Read Post

Snyk

Read more about The dangers of setattr: Avoiding Mass Assignment vulnerabilities in Python

Multiple Critical & Actively Exploited Vulnerabilities Patched in Microsoft's February Security Update

Feb 15, 2023 By James Liolios In Arctic Wolf

On February 14, 2023, Microsoft published its February 2023 Security Update and patched multiple high to critical vulnerabilities, with some of them being actively exploited in the wild. These vulnerabilities impact Windows systems and Exchange servers.

Read Post

Arctic Wolf

Read more about Multiple Critical & Actively Exploited Vulnerabilities Patched in Microsoft's February Security Update

Snyk Workflows - Ignores & PR Checks

Feb 15, 2023 By Snyk In Snyk

Snyk integrates with your IDEs, repos, workflows, and automation pipelines to add security expertise to your toolkit. The “menu” of options available to you is extensive, so we created this three-part series to get you started and running. Do you want your dev teams and AppSec teams to be aligned? The second session of the series digs deeper into using ignore capabilities. You’ll also learn about PR checks. This is a great way to get ahead of permissions.

View Video