Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

What if I told you that simply using Redux DevTools we will be able to bypass security gates that you didn't realize you have open? Building modern web applications still leaves out many room for mistakes, and even using frameworks like React, requires adhering to many security practices, in order to get things right for security. Otherwise, you risk exposing your web applications to vulnerabilities that others can exploit.

The adoption of open-source software continues to grow and creates significant security concerns for everything from software supply chain attacks in language ecosystem registries to cloud-native application security concerns. In this session, we will explore how developers are targeted as a vehicle for malware distribution, how immensely we depend on open-source maintainers to release timely security fixes, and how the race to the cloud creates new security concerns for developers to cope with, as computing resources turn into infrastructure as code.

Can I scan for security vulnerabilities using Maven? How can I integrate security scanning in my Maven build? How to monitor for security vulnerabilities with every Java build? Scanning the dependencies for known security vulnerabilities in your project is essential. The ideal time to start checking your dependencies is the very moment you import them! To that end, we created the Snyk Maven plugin so you can now scan your application for security vulnerabilities in third-party libraries as part of your build cycle—putting security expertise in the hands of developers.

In this episode of our Kubernetes Quick Hits video series, Eric Smalling–Sr. Developer Advocate at Synk– talks about Linux Capabilities and why you probably can run with none of them enabled. Linux Capabilities is item number six from our recently published cheatsheet, 10 Kubernetes Security Context settings you should understand, check it out and start securing your Kubernetes application deployments today!

Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.

Learn about Snyk's Docker integrations and how the companies work together to help developers secure container images quickly and efficiently early in the software application development lifecycle.

Wouldn't it be great if we, developers, learn about application security by training on purposely-built vulnerable applications rather than finding our mistakes in production? Yes, we think so too. In this session, we welcome Priscila Oliveira, Software Engineer at Sentry and core contributor of open source npm proxy project Verdaccio, to chat about her appsec experiences as developer, and learn together about secure coding practices, how to hack a live application, open source vulnerabilities and how to fix them.

In this episode of our Kubernetes Quick Hits video series, Eric Smalling–Sr. Developer Advocate at Synk– talks about privileged mode containers and why, for the vast majority of us, it’s simply a bad idea as well as some ideas for finding and preventing its use. Privileged mode is part of item number five from our recently published cheatsheet, 10 Kubernetes Security Context settings you should understand, check it out and start securing your Kubernetes application deployments today!

Writing quality code is something all of us developers strive for, but it's not an easy task. Secure coding conventions have long been an aspiring goal for many developers, as they scour the web for best practices, and guidelines from OWASP and other resources. Some developers may have even tried using static code analysis to find security issues, like the use of linters (ESLint), only to find out that they are brittle and report on many false positives.

Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.