Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Snyk Learn, our developer security education platform, now includes lessons on API security! Check out the new learning path that covers the OWASP Top 10 for API security risks. APIs power the modern web, connecting applications and services in ways that drive innovation and efficiency. However, with this interconnectivity comes significant security risks.

JWTs are often used by developers who seek to implement authentication over traditional cookie-based sessions. However, what happens when developers misunderstand JWT security and risk a severe broken authentication vulnerability?

As developers continue to adopt AI tools to transform their workflows, AI-generated code has become more common. In fact, 96% of developers reported using AI coding assistants to streamline their work. Although generative AI (GenAI) tools like ChatGPT can speed up workflows and boost productivity, the security and quality of the outputs aren’t guaranteed.

AI has made good on its promise to deliver value across industries: 77% of senior business leaders surveyed in late 2024 reported gaining a competitive advantage from AI technologies. While AI tools allow developers to build and ship software more efficiently than ever, they also entail risk, as AI-generated code can contain vulnerabilities just like developer-written code. To enable speed and security, DevSecOps teams can adopt tools to integrate security tasks into developer workflows.

How good is Symbolic AI as an automated expert system for analyzing code paths and detecting security vulnerabilities? Snyk Code is tested and demonstrates the benefits of rule-based, algorithmic systems.

With the announcement of Anthropic’s Claude 3.7 Sonnet model, we, as developers and cybersecurity practitioners, find ourselves wondering – is the new model any better at generating secure code? We commission the model to generate a classic CRUD application with the following prompt: The model generates several files of code in one artifact, which the user can manually copy and organize according to the file tree suggested by Claude alongside the main artifact.

Today’s risk environment is constantly evolving as threat actors exploit the complexity of modern software. That's why it's crucial to prioritize security throughout the entire application lifecycle, from beginning to end. However, many software teams only start thinking about security when application development is well underway.

Using strong cryptography is essential for data protection and application security, such as tasks required for hashing passwords (which, technically, isn’t classic cryptography for the sake of encryption). However, some legacy code may still be deployed to production using weak and outdated cryptographic algorithms that weren’t found. How can Snyk Code help you find these vulnerable applications?

Researchers recently found another Software Supply Chain issue in BoltDB, a popular database tool in the Go programming environment. The BoltDB Go Module was found backdoored and contained hidden malicious code. This version took advantage of how Go manages and caches its modules, allowing it to go unnoticed for several years. This backdoor allows hackers to remotely control infected computers through a server that sends them commands i.e. via a command and control server.