Snyk provides plugins or extensions for Visual Studio Code, Jetbrains IDEs like IntelliJ, WebStorm, PHPStorm, GoLand, and Visual Studio. But have you ever wanted to integrate Snyk in your daily work when your favorite editor or IDE is Vim, Emacs, Sublime, or Eclipse? This is going to be possible soon, as we’ve published our Eclipse plugin, including the new Snyk Language Server Protocol.
Throughout the pandemic, the increasing number of security vulnerabilities affecting major products and services reached alarming levels, according to our analysis of NIST’s (National Institute of Standards and Technology) National Vulnerability Database data.
Where do open source dependencies go to die, and why do they come to an end? What happened to the npm faker module? Can it happen again? Join me to learn how open source software libraries rise to glory and how they reach their end of life. I’ll also include some takeaways for developers and ops engineers.
Hack The Box (HTB) is a platform that gamifies cybersecurity training. It’s suitable for aspiring pen testers, as well as developers who want to become security champions — or simply understand the mindset of adversaries a bit better — in order to make their applications more secure.
During a recent engagement, Trustwave SpiderLabs discovered an Indirect Object Reference (IDOR) vulnerability within Squiz Matrix CMS which would allow any low privileged user to change the contact details of any other user on a Squiz Matrix instance (including administrators). An attacker exploiting the vulnerability could change an administrator’s email address to an attacker-controlled email address after which the attacker could reset the administrator’s password.
Containerization with Docker has become a major trend in web application development that many.NET developers have adopted. There are many compelling advantages for developers and DevOps engineers to containerize.NET applications, even when working with the older.NET Framework 4.x versions. However, if we don’t know how to use containers properly, we’ll experience little benefit from them.
When scanning an image you probably want to scan for both operating system vulnerabilities and vulnerabilities in the application dependencies (like npm, pom.xml, package.json etc), in order to get a full picture of the security issues within your images. Until now, when using the Snyk Container test/monitor commands to scan images you had to specify the --app-vulns flag in order to scan for application vulnerabilities.
