Session 1: From attack to writing code...what do you need to know as a developer? We will look at a concrete attack called: "XML external entity attack (XXE)" and see how we can trace it back to writing code. The described mitigations are simple: configure your parser securely, but is it this simple? We will focus on some examples and see if we can catch the attack with tests, code reviews, etc. Nanne Baars, Developer at Xebia and OWASP WebGoat Project lead

Session 1: Threat Modelling Kubernetes Cloud native container and Kubernetes systems bring new threats and risks to our precious workloads. As cloud technologies undergo rapid innovation and new tools and techniques emerge, security can get left behind. The answer to this conveyor-belt of potential insecurity? Threat modelling!

We’re proud to announce our Series F funding at a $8.5B valuation, co-led by Capital Ventures and Tiger Global! We believe in helping the world’s developers build secure applications and equipping security teams to meet the demands of the digital world. Thank you to our investors and community for supporting our vision. We're excited to continue our journey of advancing and leading developer security.

Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.

SQL injection, also known as SQLi, is one of the most dangerous vulnerabilities for online applications. It's a common method used by attackers to manipulate and access database information that would otherwise not be displayed or provided to the website user. In this video, you'll learn what SQL injection is and why you should be aware of it.

What if I told you that simply using Redux DevTools we will be able to bypass security gates that you didn't realize you have open? Building modern web applications still leaves out many room for mistakes, and even using frameworks like React, requires adhering to many security practices, in order to get things right for security. Otherwise, you risk exposing your web applications to vulnerabilities that others can exploit.

The adoption of open-source software continues to grow and creates significant security concerns for everything from software supply chain attacks in language ecosystem registries to cloud-native application security concerns. In this session, we will explore how developers are targeted as a vehicle for malware distribution, how immensely we depend on open-source maintainers to release timely security fixes, and how the race to the cloud creates new security concerns for developers to cope with, as computing resources turn into infrastructure as code.

Can I scan for security vulnerabilities using Maven? How can I integrate security scanning in my Maven build? How to monitor for security vulnerabilities with every Java build? Scanning the dependencies for known security vulnerabilities in your project is essential. The ideal time to start checking your dependencies is the very moment you import them! To that end, we created the Snyk Maven plugin so you can now scan your application for security vulnerabilities in third-party libraries as part of your build cycle—putting security expertise in the hands of developers.