%term

Stranger Danger: Your JavaScript Attack Surface Just Got Bigger

Aug 10, 2022 By Snyk In Snyk

Building JavaScript applications today means that we take a step further from writing code. We use open-source dependencies, create a Dockerfile to deploy containers to the cloud, and orchestrate this infrastructure with Kubernetes. Welcome, you're a cloud native application developer! As developers, our responsibility broadened, and more software means more software security concerns for us to address.

View Video

Snyk

Read more about Stranger Danger: Your JavaScript Attack Surface Just Got Bigger

Snyk ranked #20 on 2022 Forbes Cloud 100 list

Aug 9, 2022 By Jeff Yoshimura In Snyk

On behalf of the entire Snyk community, I am excited to share that Forbes has named Snyk to the Forbes Cloud 100 list for the third consecutive year, coming in at #20 — which is 19 spots higher than last year! The full list was unveiled this morning.

Read Post

Snyk

Read more about Snyk ranked #20 on 2022 Forbes Cloud 100 list

Introducing Snyk Auto-Issues for Jira: a new open source application for automated issue creation

Aug 9, 2022 By Carwin Young In Snyk

One of the things I’ve grown accustomed to as a developer is fiddling around with new languages or frameworks I find interesting. So naturally, working with our partners to launch Snyk Apps is right in my wheelhouse. At work and on my own time, I enjoy trying to build something that others might find interesting or useful. As a Jira user myself, I decided to take a look at Atlassian’s Forge platform and see what I could do with it.

Read Post

Snyk

Read more about Introducing Snyk Auto-Issues for Jira: a new open source application for automated issue creation

Quick and easy vulnerability management with Calico Cloud

Aug 9, 2022 By Dhiraj Sehgal In Tigera

As more enterprises adopt containers, microservices, and Kubernetes for their cloud-native applications, they need to be aware of the vulnerabilities in container images during build and runtime that can be exploited. In this blog, I will demonstrate how you can implement vulnerability management in CI/CD pipelines, perform image assurance during build time, and enforce runtime threat defense to protect your workloads from security threats.

Read Post

Tigera

Read more about Quick and easy vulnerability management with Calico Cloud

CVE-2022-31656 - Critical Authentication Bypass Vulnerability in Multiple VMware Products

Aug 8, 2022 By Sule Tatar In Arctic Wolf

On Tuesday, August 2, 2022, VMware disclosed a critical-severity authentication bypass vulnerability (CVE-2022-31656) impacting multiple VMware products, including VMware’s Workspace ONE Access, Identity Manager (vIDM), and vRealize automation. If successfully exploited, the vulnerability could allow a threat actor with network access to the user interface to obtain administrative access without needing to authenticate.

Read Post

Arctic Wolf

Read more about CVE-2022-31656 - Critical Authentication Bypass Vulnerability in Multiple VMware Products

AWS re:Inforce 2022 recap

Aug 8, 2022 By Shilpi Bhattacharjee In Snyk

If you’re looking to catch up on what happened at this years AWS re:Inforce, this is the blog for you. There were many important announcements were this year, including some exciting updates on the cloud security front. In this post, we’ll quickly review the goals of the conference and who should attend, before diving into the keynote highlights, software updates, and helpful resources.

Read Post

Snyk

Read more about AWS re:Inforce 2022 recap

Vulnerability Scans Are a Must but Not Enough

Aug 8, 2022 By SecurityScorecard In SecurityScorecard

Vulnerability scans test for different misconfigurations and report the vulnerabilities. But they have 2 big drawbacks: You need to get consent from a company before you do a vulnerability scan on them. You may get a very rigorous readout from a vulnerability scan. But then a sleep-deprived IT administrator misconfigured the system, making your report irrelevant. On the other hand, security ratings don’t need anybody’s consent and provide continuous, real-time monitoring.

View Video

SecurityScorecard

Read more about Vulnerability Scans Are a Must but Not Enough

CREST launches OWASP Verification Standard (OVS) Program

Aug 4, 2022 By CREST

CREST OVS will provide increased levels of assurance for application security assessments.

Read Post

Read more about CREST launches OWASP Verification Standard (OVS) Program

Open Port Vulnerabilities List

Aug 4, 2022 By Dirk Schrader In Netwrix

Insufficiently protected open ports can put your IT environment at serious risk. Threat actors often seek to exploit open ports and their applications through spoofing, credential sniffing and other techniques. For example, in 2017, cybercriminals spread WannaCry ransomware by exploiting an SMB vulnerability on port 445. Other examples include the ongoing campaigns targeting Microsoft’s Remote Desktop Protocol (RDP) service running on port 3389.

Read Post

Netwrix

Read more about Open Port Vulnerabilities List

Securing PHP containers

Aug 4, 2022 By Neema Muganga In Snyk

According to Wappalyzer, PHP powers over twelve million websites. Not bad for a 28-year-old language! Despite its age, PHP has kept up with modern development practices. With support for type declarations and excellent frameworks like Laravel and Symfony, PHP is still a great way to develop web apps. PHP works well in containerized environments. With an official image available on Docker Hub, developers know they can access well-tested PHP container images to build on.

Read Post