Stranger Danger Live Hacking Session CNAS
Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Guide to Software Composition Analysis (SCA)
2020 was a watershed year for open source. Digital transformation, already gaining momentum before COVID19 hit, suddenly accelerated. More and more companies became software companies, and with this shift—usage of open source peaked. Why? Simply put, open source enables development teams to deliver value more rapidly and more frequently, thus enabling their companies to better compete in their respective markets.
Goodbye, 2020! Lookout, 2021
Like most people, I am not at all sad to see 2020 go. It introduced unique pressures that challenged all of us in different ways. As snykers, I believe we have emerged stronger. Throughout the year, our global team—alongside our partners and customers—reached so many impressive milestones, made that much sweeter due to the headwinds we all faced in achieving them. Ending the fiscal year, Snyk: Yes—two acquisitions.
Security Challenges and Opportunities of Remote Work | Kill the VPN |
The COVID-19 pandemic forced many organizations to shift to a remote workforce almost overnight, most of which were not prepared for the sudden change. In their efforts to ensure their employees could remain productive, a number of organizations relaxed their security policies and unwittingly exposed their networks to compromise. As the pandemic continues, security challenges remain, but organizations also now have opportunities to find and fix vulnerabilities and improve their overall security posture, even as their employees eventually migrate back to the office.
Integrating identity: OAuth2 and OpenID Connect in Open Policy Agent
In order to make policy decisions we commonly need to know the identity of the caller. Traditionally this has often been done by providing a user or client identifier along with the request, and using that identifier to look up further information like user details or permissions from a remote data source. While this model works fairly well for many applications, it scales poorly in distributed systems such as microservice environments.
Docker for Node.js developers: 5 things you need to know not to fail your security
Docker is totalling up to over 50 billion downloads of container images. With millions of applications available on Docker Hub, container-based applications are popular and make an easy way to consume and publish applications. That being said, the naive way of building your own Docker Node.js web applications may come with many security risks. So, how do we make security an essential part of Docker for Node.js developers?
Vulnerability Assessment Using Datadog and Snyk
Vulnerability assessment for teams can often be overwhelming. This joint Datadog and Snyk session demonstrates the new integration between the two companies, which enables developers to precisely identify and prioritize code-level security fixes in production applications. Using a sample Java application, you'll see how Snyk surfaces vulnerability information at runtime inside the Datadog UI to help users triage fixes by not just seeing that a vulnerability exists but also how often they are exposed.
Microservices, Containers and Kubernetes in 10 minutes
What is a microservice? Should you be using microservices? How are microservices related to containers and Kubernetes? If these things keep coming up in your day-to-day and you need an overview in 10 minutes, this blog post is for you. Fundamentally, a microservice is just a computer program which runs on a server or a virtual computing instance and responds to network requests.
15 minute demo | Teleport Cloud | SSH | Kubernetes | Application access
Try out Teleport Cloud today! Teleport implements industry best security practices out of the box and brings all computing resources into compliance with security standards such as SOC2, PCI, and FedRAMP by providing all necessary access controls as well as audit and visibility into access and behavior across all computing environments Benefits of Teleport cloud Shorter time to production No hardware or software to procure, simple pricing Wizard-based approach to setup and configuration Shared-nothing infrastructure, no noisy neighbor problems.
How to Securely Access Compute Resources in Cloud Environments
Virag Mody, Technical Writer for Gravitational gave a concise talk on Infrastructure Security best practices for this ADTmag Webinar. In the talk he covers why certificate authorities are so important, and what individuals can do to create a more secure infrastructure access process.