Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

December 2024

A Simple Guide to Building a Discord Bot! (Part 3)

Dec 30, 2024 By Snyk In Snyk
This is the third video of our series 'How to Build a Discord Bot'. In this video, we will be focussing on data storage and setting up a database to store our Wordle results in. Stay tuned for the next video where we will be deploying the bot, which will be able to run 24/7! Each video will be published one week from the previous.
View Video

How to Build a Discord Bot in 16 Minutes (Part 2)

Dec 23, 2024 By Snyk In Snyk
This is the second video of our series 'How to Build a Discord Bot'. In this video, we will be learning about what Wordle is and how it works as well as building out the logic for the bot and testing it out. Stay tuned for the next video where we start using a database to store the Wordle results! Each video will be published one week from the previous.
View Video
Snyk

4 tips for securing GenAI-assisted development

Dec 18, 2024 By Sarah Conway In Snyk
Gartner predicts that generative AI (GenAI) will become a critical workforce partner for 90% of companies by next year. In application development specifically, we see developers turning to code assistants like Github Copilot and Google Gemini Code Assist to help them build software at an unprecedented speed. But while GenAI can power new levels of productivity and speed, it also introduces new threats and challenges for application security teams.
Read Post
Snyk

Did you make the *security* naughty or nice list this year?

Dec 18, 2024 By Mariah Gresham In Snyk
As we approach the end of the year, many of us are reflecting on what we accomplished in 2024 — what did we do well this year? What could we have done better? It's also the perfect time to reflect on how to improve your team’s security practices. Have you been staying ahead of threats or have you let a few vulnerabilities slip through the cracks?
Read Post
Snyk

Ultralytics AI Pwn Request Supply Chain Attack

Dec 11, 2024 By Stephen Thoemmes In Snyk
The ultralytics supply chain attack occurred in two distinct phases between December 4-7, 2024. In the first phase, two malicious versions were published to PyPI: version 8.3.41 was released on December 4 at 20:51 UTC and remained available for approximately 12 hours until its removal on December 5 at 09:15 UTC. Version 8.3.42 was published shortly after on December 5 at 12:47 UTC and was available for about one hour before removal at 13:47 UTC.
Read Post
Snyk

Snyk's risk-based approach to prioritization

Dec 11, 2024 By Daniel Berman In Snyk
Vulnerability identification is a key part of application security (AppSec). This process entails tracking and reporting the number of vulnerabilities found and fixed to give stakeholders clear insight into the organization’s security posture. However, identifying and monitoring vulnerabilities using traditional methods can make risk evaluation more difficult.
Read Post
Snyk

How to mitigate SSRF vulnerabilities in Go

Dec 10, 2024 By Liran Tal In Snyk
Securing HTTP requests is crucial when developing Go applications to prevent vulnerabilities like Server-Side Request Forgery (SSRF). SSRF occurs when an attacker manipulates a server to make unintended requests, potentially accessing internal services or sensitive data. We will explore how to secure HTTP requests by employing URL parsing and validation techniques, and provide example code to fortify the http.Get HTTP GET request handler.
Read Post

Application Security 101: A Guide for Developers

Dec 9, 2024 By Snyk In Snyk
Most developers and companies believe their applications to be secure and understand the importance of security. However, year after year, they continue to push vulnerable code into production... In order to avoid these pitfalls and improve the overall security of our applications, we need to understand what application security (or AppSec) is all about. In this video, you will learn what application security is, why it's important and what you can do to keep your applications secure.
View Video
Snyk

Snyk-generated SBOMs now include license details for the open source libraries in your projects

Dec 9, 2024 By Jamie Smith In Snyk
We’re excited to announce that SBOMs (software bill of materials) generated by Snyk's tools will include license information! This new capability is part of our ongoing efforts in our Software Supply Chain Security solution. The developer-first tools in the solution help you gain a better understanding of your app’s supply chain, identify potential risks, and take the necessary steps to get ahead of them.
Read Post
Snyk

2024 Open Source Security Report: Slowing Progress and New Challenges for DevSecOps

Dec 3, 2024 By Jamie Smith In Snyk
Trust is the foundation of the open source community — but what happens when that trust is betrayed? When a backdoor vulnerability was found in a widespread Linux-based data compression tool, it nearly created an opportunity for malicious actors to seize control of countless computers worldwide. The vulnerability was introduced by a trusted contributor who, after years of building rapport with maintainers, ultimately exploited that trust.
Read Post
Snyk

Seven steps to close coverage gaps with ASPM

Dec 3, 2024 By Daniel Berman In Snyk
The old adage “knowledge is power” holds especially true in the realm of AppSec. By remaining aware of the potential threats to applications and closing gaps in coverage, AppSec teams can demonstrate to leaders that they are in a solid position to protect vital assets. However, visibility is riddled with challenges, not the least of which are highly productive developers racing to market, often using AI-generated code that contains potential security issues.
Read Post

Copyright © 2024 OpsMatters™. All rights reserved.