Vulns Unleashed: Dompdf
During this live stream, we explored the vulnerability known as Dompdf. We looked at what DomPDF is, how DomPDF makes your applications vulnerable, and most importantly what you can do to protect yourself.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
The dangers of assert in Python
There are many ways to find bugs in Python code: the built-in debugger (pdb), a healthy amount of unit tests, a debugger in an IDE like Pycharm or Visual Studio, try/catch statements, if/else statements, assert statements, or the tried and true practice of covering every inch of your codebase in print() statements like it’s going out of style. Assert statements can help us catch bugs quickly and are far less intrusive than copious amounts of print statements.
Signing Kubernetes with Sigstore
Adolfo García Veytia, Staff Software Engineer at ChainGuard and Tech Lead on the Kubernetes SIG-Release team, joins Eric and Kyle to talk about how they were able to tackle signing all of the Kubernetes v1.24 image artifacts using Sigstore. Then we will demonstrate signing an image and vulnerability scan result attestations with Sigstore's cosign utility.
Ruby gem installations can expose you to lockfile injection attacks
In this post, we’ll look at the security blindspots of lockfile injection that a Ruby gem might expose via its Gemfile.lock. As a prelude to that, we will open up with a brief introduction to Ruby and third-party dependencies management around RubyGems and Bundler. Web developers often work on Ruby projects, but are mostly referring to them as the popular open source web application framework Ruby on Rails.
Snyk finds PyPi malware that steals Discord and Roblox credential and payment info
Snyk security researchers continually monitor open source ecosystems for malicious packages, utilizing static analysis techniques to identify and flag suspicious packages. Each malicious package is identified upon publication to the package manager and swiftly added to the Snyk Vulnerability Database. During recent research, the team found 12 unique pieces of malware belonging to the same actor.
Top 5 C++ security risks
C++ offers many powerful capabilities to developers, which is why it’s used in many industries and many core systems. But unlike some higher-level languages that offer less direct control over resources, C++ has a variety of security concerns that developers must be keenly aware of when writing code to avoid introducing vulnerabilities into projects. As developers, we build applications with our end-users in mind. They trust us with their data, time, and device access.
Untangle the Secrets of your JavaScript Dependencies
In an ecosystem with an increasing number of dependencies, maintainers and supply chain attacks, discover an open source tool designed to analyze in depth the dependencies of a given remote package or local manifest. Not knowing what’s in the node_modules directory is a bad dream from the past. Dive in with me to find out the secrets that your dependencies hide from you.
Installing multiple Snyk Kubernetes controllers into a single Kubernetes cluster
Kubernetes provides an interface to run distributed systems smoothly. It takes care of scaling and failover for your applications, provides deployment patterns, and more. Regarding security, it’s the teams deploying workloads onto the Kubernetes cluster that have to consider which workloads they want to monitor for their application security requirements.
Learn How to Get Started with Snyk in Less Than 1 Minute | Fast and Free
Getting started with Snyk is fast and free. Nope, it's not a free trial. It's a free tier that you can use for personal projects or for work!
A Day in The Life of a Food Giant CISO - Sherif Mansour
During this live stream we had a conversation with the director of Information Security at Just Eat Takeaway Sherif Mansour, where we explored his day-to-day activities and how Snyk's products help him to perform his role.