Snyk’s Security Labs team aims to find and help mitigate vulnerabilities in software used by developers around the world, with an overarching goal to improve the state of software security. We do this by targeting tools developers are using, including new and popular software solutions. With the meteoric rise in AI tooling – specifically the fast-growing field of AI-enabled development environments – we have been including such software in our research cycles.

Snyk is the trusted partner for financial services companies, empowering them to modernize application security while safeguarding critical infrastructure. Backed by industry leaders, we are committed to exceeding expectations, driving innovation, and redefining security for financial services. This is one of the reasons Snyk was recently inducted into JPMorgan Chase’s Hall of Innovation, for our central role in helping them to build the future of banking securely.

From design to deployment, the rise in AI tools and AI-generated code is changing developers’ workflows, enabling them to focus on more creative and complex tasks. However, while 96% of developers use AI coding assistants to streamline their work, it can have a negative impact on security teams. One-fifth of AppSec teams surveyed said they face significant challenges securing AI-generated code due to how quickly it’s produced.

Docker security refers to the build, runtime, and orchestration aspects of Docker containers. It includes the Dockerfile security aspects of Docker base images, as well as the Docker container security runtime aspects—such as user privileges, Docker daemon, proper CPU controls for a container, and further concerns around the orchestration of Docker containers at scale. The state of Docker container security unfolds into 4 main Docker security issues.

On November 12th, 2024, at the Pavilion Hotel in Kuala Lumpur, Snyk’s Field CTO, Pas Apicella, delivered an insightful presentation at the Digital Banking Asia Summit 2024 in Malaysia. Titled, ‘Securing the Digital Future: Best Practices for Application Security in Digital Banking’, his talk focused on actionable strategies to address pressing challenges in the financial services industry.

As the clock ticks closer to 2025, we’re all trying to brainstorm goals and resolutions for the new year. But unlike the annual pledge to exercise more and eat fewer sweets around the holidays (whoops), application security is one area where nobody can afford to slip up. Let’s skip the procrastination phase and hit the ground running with some practical New Year’s resolutions that will help you step up your AppSec game.

Gartner predicts that generative AI (GenAI) will become a critical workforce partner for 90% of companies by next year. In application development specifically, we see developers turning to code assistants like Github Copilot and Google Gemini Code Assist to help them build software at an unprecedented speed. But while GenAI can power new levels of productivity and speed, it also introduces new threats and challenges for application security teams.

As we approach the end of the year, many of us are reflecting on what we accomplished in 2024 — what did we do well this year? What could we have done better? It's also the perfect time to reflect on how to improve your team’s security practices. Have you been staying ahead of threats or have you let a few vulnerabilities slip through the cracks?

Vulnerability identification is a key part of application security (AppSec). This process entails tracking and reporting the number of vulnerabilities found and fixed to give stakeholders clear insight into the organization’s security posture. However, identifying and monitoring vulnerabilities using traditional methods can make risk evaluation more difficult.