%term

Catching Log4j in the Wild: Find, Fix and Fortify

Dec 23, 2021 By Gianni Truzzi In JFrog

At many organizations, the surprise discovery that the widely used Apache log4j open source software has harbored a longtime critical vulnerability was as if Scrooge and the Grinch had teamed up for the biggest holiday heist of all. Incident response teams across the globe have scrambled to remediate thousands, if not millions of applications. “For cybercriminals this is Christmas come early,” explained Theresa Payton, former White House CIO and current CEO of Fortalice Solutions.

Read Post

JFrog

Read more about Catching Log4j in the Wild: Find, Fix and Fortify

Snyk Log4Shell Stranger Danger Live Hack

Dec 22, 2021 By Snyk In Snyk

In this recorded session, we present a live hack webinar on the Log4Shell exploit. We give a brief overview of the vulnerability and dive right into some examples of the exploit in action. We then show several real-world remediation approaches as well as other fixes outside code. We give a final round of fun demos, including container and IaC hacks as well as Java-based game hacks. We wrap up with a great list of takeaway resources and answer your questions.

View Video

Snyk

Read more about Snyk Log4Shell Stranger Danger Live Hack

Snyk Code Hands-on Workshop

Dec 22, 2021 By Snyk In Snyk

Snyk Code is developer-first: embedding SAST as part of the development process, enabling developers to build software securely during development, and not trying to find and fix problems after the code is compiled. Snyk Code works in the IDEs and SCMs developers use to build and review software and provides fast, actionable, meaningful results to fix issues in real-time.

View Video

Snyk

Read more about Snyk Code Hands-on Workshop

Snyk Container in 2021: Shifting container security all the way left

Dec 22, 2021 By Jim Armstrong In Snyk

No matter how you slice it, the use of containers and Kubernetes continues to swell. And recent high profile vulnerabilities-that-shall-not-be-named have shown us how important container security is for an overall application security program. Protecting your own code, your dependencies, and the containerized services you use are all a must.

Read Post

Snyk

Read more about Snyk Container in 2021: Shifting container security all the way left

Snyk IaC in 2021: Leading infrastructure as code security for developers

Dec 22, 2021 By Lauren Place In Snyk

With great automation, comes great risk. The advent of infrastructure as code brought about automation for the tedium of deploying, provisioning, and managing resources in public clouds with declarative scripts. However, this automation increased the importance of creating secure IaC scripts or configurations with cloud infrastructure misconfigurations being cited as the biggest area of increased concern (58%) from 2020 to 2021 in the 2021 Snyk Cloud Native Application Security report.

Read Post

Snyk

Read more about Snyk IaC in 2021: Leading infrastructure as code security for developers

AWS Live Hack Workshop: Snyk and Atlassian

Dec 22, 2021 By Snyk In Snyk

In this application live-hack with Atlassian, we demonstrate how to implement security best-practices early on in your workflow when building applications on AWS.

View Video

Snyk

Read more about AWS Live Hack Workshop: Snyk and Atlassian

AWS Live Hack Workshop: Snyk and Terraform

Dec 22, 2021 By Snyk In Snyk

In this video, we show a live demonstration of the EKS default settings when deploying with Terraform. Learn how small misconfigurations can create unwanted side effects and may put clusters at risk of EKS security issues as well as how you can test and remediate.

View Video

Snyk

Read more about AWS Live Hack Workshop: Snyk and Terraform

JavaScript type confusion: Bypassed input validation (and how to remediate)

Dec 22, 2021 By Snyk In Snyk

Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.

View Video

Snyk

Read more about JavaScript type confusion: Bypassed input validation (and how to remediate)

AWS Live Hack Workshop: Snyk and Docker

Dec 22, 2021 By Snyk In Snyk

In this live demo with Snyk and Docker, we show you how to scan containerized applications on Amazon EKS using a Docker CLI tool developed by both Docker and Snyk, managing open source vulnerabilities and dependencies introduced by container base images.

View Video

Snyk

Read more about AWS Live Hack Workshop: Snyk and Docker

AWS Live Hack Workshop: Snyk and StackHawk

Dec 22, 2021 By Snyk In Snyk

In this video with Snyk and Stackhawk, you'll see a live demo on implementing automated static and dynamic security testing across a CircleCI pipeline, finding and fixing vulnerabilities without loss of performance or developer agility.

View Video

Snyk

Read more about AWS Live Hack Workshop: Snyk and StackHawk

Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Catching Log4j in the Wild: Find, Fix and Fortify

Snyk Log4Shell Stranger Danger Live Hack

Snyk Code Hands-on Workshop

Snyk Container in 2021: Shifting container security all the way left

Snyk IaC in 2021: Leading infrastructure as code security for developers

AWS Live Hack Workshop: Snyk and Atlassian

AWS Live Hack Workshop: Snyk and Terraform

JavaScript type confusion: Bypassed input validation (and how to remediate)

AWS Live Hack Workshop: Snyk and Docker

AWS Live Hack Workshop: Snyk and StackHawk

Monthly Archive

Follow Us