Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

ZAPESCAPE: Organization-wide control over Code by Zapier

In the middle of March 2022, the Zenity research team discovered a sandbox-escape vulnerability in Code by Zapier, a service used by Zapier to execute custom code as part of a Zap. By exploiting this vulnerability, any user could take full control over the execution environment of their entire account, allowing them to manipulate results and steal sensitive data. For example, a Zapier user could take control over the admin’s custom code execution environment.

Analysis and Remediation Guidance of CSRF Vulnerability in Csurf Express.js Middleware

On the 28th of August, fortbridge.co.uk reported a vulnerability in the csurf middleware, an Express.js supporting library that enables CSRF protection in Express.js. As of the 13th of September, the csurf library has been deprecated with no plans to fix the vulnerabilities. There is no viable alternative for the csurf middleware now.

Cheat sheet: Meeting security compliance standards

Security and compliance have a major role in every organization. Businesses are nothing without the trust and loyalty of their customers, and for many companies, from early-stage startups to multinational corporations, winning that trust starts by demonstrating that you have the correct security controls in place. Internationally recognized compliance standards, such as ISO 27001, PCI-DSS, and SOC 2, make up the industry-standard goals that most businesses and organizations pursue.

10 best practices to containerize Node.js web applications with Docker

September 14, 2022: Check out our new and improved cheat sheet for containerizing Node.js web applications with Docker! Are you looking for best practices on how to build Node.js Docker images for your web applications? Then you’ve come to the right place! The following article provides production-grade guidelines for building optimized and secure Node.js Docker images. You’ll find it helpful regardless of the Node.js application you aim to build.

Stranger Danger: Your JavaScript Attack Surface Just Got Bigger

Building JavaScript applications today means that we take a step further from writing code. We use open-source dependencies, create a Dockerfile to deploy containers to the cloud, and orchestrate this infrastructure with Kubernetes. Welcome - you're a cloud native application developer! As developers, our responsibility has broadened, and more software means more software security concerns for us to address.

Announcing the 2022 State of Cloud Security report from Snyk

Cloud computing has created the most profound shift in information technology in recent memory. Leveraging cloud technology, companies can build, deploy, and scale their applications faster than ever. But the adoption of cloud native tools and processes also brings new security challenges. Between complex cloud infrastructure and the expansion of cloud-based services, malicious actors have access to a bigger attack surface than they did even a few years ago.

The importance of application security: keeping your web apps safe

Web application security is crucial for any organization that relies on web-based applications. Learn about the importance of web application security and best practices for keeping your organization safe. The importance of web application security cannot be overstated. As organizations move towards web-based applications and services to run their business and connect with customers, it is becoming more vital than ever to secure those systems from malicious attacks.

How Spotify uses Snyk to secure the SDLC

Spotify’s engineering team recently published a blog discussing their use of Snyk to maintain security testing in the SDLC. The following is a recap of that blog written by Engineering Manager, Edina Muminovic. Spotify, a company known for employing thousands of world-class developers, needed to redraw its software development lifecycle, or SDLC.