From snyk.io
Understanding command injection vulnerabilities in Go | Snyk
Read how command injection works and the dangers it poses. Learn about practical guidance on how to prevent it. By following best practices and using tools like Snyk, you can significantly reduce the risk of command injection attacks in your Go projects.
8h ago
Abusing Ubuntu 24.04 features for root privilege escalation | Snyk
With the recent release of Ubuntu 24.04, we at Snyk Security Labs thought it would be interesting to examine the latest version of this Linux distribution to see if we could find any interesting privilege escalation vulnerabilities.
on Wed, 11PM
Snyk Acquires Developer-First DAST Provider Probely | Snyk
Company Now Covers API Security Testing Crucial for Modern AI Development
on Wed, 1AM
Proxmox VE CVE-2024-21545 - Tricking the API into giving you the keys | Snyk
Read about a critical vulnerability (CVE-2024-21545) in Proxmox VE that allows attackers to gain full control of the system. By exploiting a flaw in the API handling, attackers with limited permissions can steal sensitive files and forge session tokens for a complete system takeover.
on Mon, 5PM
Abusing Ubuntu 24.04 features for root privilege escalation | Snyk
With the recent release of Ubuntu 24.04, we at Snyk Security Labs thought it would be interesting to examine the latest version of this Linux distribution to see if we could find any interesting privilege escalation vulnerabilities.
on Sat, 8PM
If you don’t know about HTTP Archive’s Web Almanac yet, you should! | Snyk
Learn about the HTTP Archive’s Web Almanac, a valuable, community-driven resource for today’s security teams.
on Nov 2
Lottie Player npm package compromised for crypto wallet theft | Snyk
On October 31st, 2024, another package compromise and cryptocurrency hijack story unfolded for a popular npm package. Scan open source dependencies and container images in the CLI or your SCM with Snyk to determine if you're using one of the vulnerable versions of lottie-player, and potentially...
on Oct 31
How Snyk Helps with the OWASP Software Assurance Maturity Model | Snyk
Read how the OWASP Software Assurance Maturity Model (SAMM) and Snyk can work together to provide an effective approach to measuring, managing, and improving your software security. Learn about the key benefits, practical implementation steps, and the specific tools offered by Snyk to support...
on Oct 25
Decoding CVEs: A practical guide to assessing and mitigating security risks | Snyk
Let's explore the world of Common Vulnerabilities and Exposures (CVEs) with step-by-step examples of evaluating if a CVE impacts your project and pragmatic strategies for effective mitigation. This guide will empower you to tackle security vulnerabilities head-on. Don't let CVE warnings go...
on Oct 17
The mysterious supply chain concern of string-width-cjs npm package | Snyk
Npm package aliasing can be a security threat. Learn about how malicious actors can exploit this feature to introduce fake packages into your projects. Protect your projects with best practices and stay vigilant against supply chain attacks.
on Oct 4
DevSecCon: Developing AI Trust | Register for Free | Oct '24 | Snyk
Don't miss this DevSecCon event in October '24. Register for free to learn about the latest AI and security advancements and experience Snyk in action.
on Sep 27
Snyk Vulnerability Database | Snyk
Medium severity (5.9) Prototype Pollution in node-gettext | CVE-2024-21528
on Sep 10
What you should know about PHP security vulnerabilities | Snyk
Let's discuss the importance of PHP security and the business impact of some notable PHP interpreter vulnerabilities that are crucial for developers to get right.
on Sep 8
Read on to learn about the danger of the continued use of vulnerable Log4j and Spring Framework versions in many projects.
on Aug 30
Four Easy Ways to Analyze your Java and Kotlin Code for Security Problems
Nowadays, the security of your applications is just as important as the functionality they provide. Therefore, analyzing your code for security vulnerabilities is a vital part of maintaining the integrity of your applications and protecting your users' data.
on Aug 30
Free Interactive Secure Development Training
Snyk Learn is developer-first security education that offers free interactive lessons on how to fix vulnerabilities in applications, containers, and IaC.
on Aug 9
10 modern Node.js runtime features to start using in 2024 | Snyk
This post will explore 10 modern Node.js runtime features that every developer should start using in 2024. We'll cover everything from fresh off-the-press APIs to the compelling features offered by new kids on the block like Bun and Deno.
on Aug 7
Preventing SQL injection in C# with Entity Framework | Snyk
In this blog, we'll discuss strategies to protect your C# code from SQL injection.
on Aug 3
Repo Jacking: The Great Source-code Swindle | Snyk
In this post, we explore a powerful, yet widely unknown attack vector which has emerged in the last couple of years known as ‘Repo Jacking’. During our research, we discovered the enormous potential to compromise software components with tens of millions of downloads across the Terraform IaC...
on Aug 3
The security concerns of a JavaScript sandbox with the Node.js VM module | Snyk
In this post, we'll cover security concerns of a JavaScript sandbox with the Node.js VM module and how to mitigate them.
on Jul 18
Polyfill supply chain attack embeds malware in JavaScript CDN assets | Snyk
On June 25, 2024, the Sansec security research and malware team announced that a popular JavaScript polyfill project had been taken over by a foreign actor identified as a Chinese-originated company.
on Jun 28
Talk to us about Snyk CLI | Snyk
In today’s blog post, the Snyk CLI team will share how our research informs product discovery, development, and impact, where we need your help, and how you can share your experience and pain points with us.
on Jun 25
Call for action: Exploring vulnerabilities in Github Actions | Snyk
In this blog post, we will provide an overview of GitHub Actions, examine various vulnerable scenarios with real-world examples, offer clear guidance on securely using error-prone features, and introduce an open source tool designed to scan configuration files and flag potential issues.
on Jun 24
Snyk CLI: Introducing Semantic Versioning and release channels | Snyk
We are pleased to introduce Semantic Versioning and release channels to Snyk CLI from v.1.1291.0 onwards. In this blog post, we will share why we are introducing these changes, what problems these changes solve for our customers, and how our customers can opt-in according to their needs.
on May 23
Building an npm package compatible with ESM and CJS in 2024 | Snyk
Publishing JavaScript packages that are compatible with both ECMAScript Modules (ESM) and CommonJS (CJS) is a critical skill for developers who aim to integrate wide-ranging libraries. This write-up focuses on practical approaches and best practices for maintaining ESM and CJS support.
on May 5
Why did is-promise happen and what can we learn from it | Snyk
On the 25th of April 2020, version 2.2.0 of is-promise library on npm was released by JavaScript developer and maintainer Forbes Lindesay. Reportedly, this release caused failures in popular developer build tools used for scaffolding new projects, such as Facebook’s create-react-app, Google’s...
on Apr 25
An investigation into code injection vulnerabilities caused by generative AI | Snyk
In this article, we look at the potential security implications of large language models (LLMs), a text-producing form of generative AI.
on Apr 18
Nine Docker pro tips for Node.js developers | Snyk
In this post, we dive into nine lesser-known yet highly effective commands that can significantly improve your Docker experience in Node.js.
on Apr 12
The XZ backdoor CVE-2024-3094 | Snyk
On the 29th of March 2024, the high-stakes investment and prolonged campaign to plant a backdoor in the Linux software library liblzma to gain access to multiple operating systems via Linux distributions was carried out by a malicious actor.
on Apr 8
What is a backdoor? Let’s build one with Node.js | Snyk
A backdoor in our code that can perform OS injection is a considerable threat.
on Apr 1
Preventing SQL injection attacks in Node.js | Snyk
In this article, you'll learn more about why SQL injection attacks pose a significant threat and how to shield your Node.js applications against them.
on Mar 7
Signing container images: Comparing Sigstore, Notary, and Docker Content Trust | Snyk
In this article, we will compare three popular container signing solutions: Sigstore Cosign, Notary v2, and Docker Content Trust (DCT, a.k.a. Notary v1). You'll learn about their features, capabilities, and suitability for securing container image supply chains.
on Mar 6
Copilot amplifies insecure codebases by replicating vulnerabilities in your projects | Snyk
Did you know that GitHub Copilot may suggest insecure code if your existing codebase contains security issues? In this post, we’ll go through a concrete example showing how Copilot can replicate existing security issues in your code.
on Mar 2
Snyk Leaky Vessels Docker Vulnerability Research Deep Dive | Snyk
Learn how Snyk security researchers uncovered the Leaky Vessels container breakout Docker vulnerabilities assigned CVE-2024-21626, CVE-2024-23652, CVE-2024-23651, and CVE-2024-23653.
on Feb 29
Automatic source locations with Rego | Snyk
We recently released a series of improvements to Snyk IaC, and in this blog post, we’re taking a technical dive into a particularly interesting feature — automatic source code locations for rule violations.
on Feb 14
Creating SBOMs with the Snyk CLI | Snyk
In this post, we'll delve into what SBOMs are, why they're necessary, and their role in open source security — plus how the Snyk CLI makes generating them easier than ever.
on Feb 9
10 GitHub Security Best Practices | Snyk
Learn more about 10 GitHub Security Best Practices to be more secure as a GitHub user or contributor.
on Feb 8
3 tips for rebuilding a Docker image faster (and save CI seconds!) | Snyk
Learn about three great ways to rebuild a Docker image faster: Add a .dockerignore file to your repository, use a dependency lockfile, and group commands!
on Feb 7
Leaky Vessels: Docker and runc Container Breakout Vulnerabilities - January 2024 | Snyk
Snyk Security Labs Team has identified four container breakout vulnerabilities in core container infrastructure components including Docker and runc, which also impacts Kubernetes.
on Feb 5
CVE-2024-21626 runc process.cwd & leaked fds container breakout | Snyk
CVE-2024-21626: Snyk has discovered an order of operations container breakout vulnerability in all versions of runc <=1.1.11, as used by the Docker engine and other containerization technologies.
on Feb 1
Snyk Powered by DeepCode AI | Snyk
Learn how Snyk leverages the Deepcode AI hybrid model to empower developers with efficient and accurate AppSec solutions.
on Jan 23
Top 3 security best practices for handling JWTs | Snyk
In this blog post, we will discuss the top three security best practices for handling JWTs. We will also provide practical examples using Python and show how Snyk can help you identify and remediate security vulnerabilities in your application.
on Jan 22
Common SAML vulnerabilities and how to remediate them | Snyk
This blog aims to give a short overview of popular SAML vulnerabilities and how they can be remediated with some examples.
on Jan 22
Reminder: v1 List All Projects API end-of-life and upcoming brownout - snyk.io updates
Deprecated: We announced on June 22nd that we will end-of-life the v1 List All Projects API on December 22nd....
on Jan 9
Build and deploy a Node.js security scanning API to Platformatic Cloud | Snyk
In this guide, we'll dive into the powerful combination of Platformatic, Fastify, and Snyk, unlocking rapid backend development with an emphasis on robustness and security.
on Jan 7
Find and fix Struts CVE-2023-50164 path traversal vulnerability | Snyk
CVE-2023-50164 is a critical vulnerability in the Apache Struts library. Learn how to find and fix by upgrading your package and using Snyk to discover and remediate.
on Jan 3
Securing Symmetric Encryption Algorithms in Java
Encryption is converting readable data or plaintext into unreadable data or ciphertext, ensuring that even if encrypted data is intercepted, it remains inaccessible to unauthorized individuals.
on Dec 30
Handling security vulnerabilities in Spring Boot
Keeping your dependencies in check is crucial to ensure that your Spring Boot projects run smoothly and remain resilient in the face of ever-evolving threats.
on Dec 22
How to create SBOMs in Java with Maven and Gradle | Snyk
Learn how to easily create a software bill of materials (SBOM) for your Java applications in Maven and Gradle.
on Dec 20
Announcing Snyk AppRisk ASPM: Elevate Your AppSec Game | Snyk
Announcing Snyk AppRisk for ASPM to revolutionize the way AppSec teams manage and enhance the security posture of their applications with Snyk.
on Dec 19