Snyk Security Horror Story with Andrew Betts
Andrew Betts shares his security horror story of how the Financial Times was hacked by the Syrian Electronic Army.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Providing Comprehensive Application Security from Code to Production: New Snyk and Hdiv Security Partnership
Together, we look forward to helping more global businesses to innovate securely by combining Snyk’s static analysis with Hdiv’s interactive testing capabilities. This will allow these digital-first organizations to continue their rapid pace of innovation while staying secure through comprehensive application security – from code in development to running workloads in production.
Secure Python Development and Package Management
How do you become a secure python developer? Following best practices, and learning about application security from experts! In this session we will explore and explain explain how Python manages dependencies, the requirements.txt file, and other aspects of 3rd-party open source software. We will gently touch upon an intro to the different package managers, such as pipenv, and poetry.
Snyk Security Horror Story with Jim Manico
In honor of 31 Days of Security and Halloween, Jim Manico shares his security horror story.
Security Horror Story: Accidentally exposing PII data
Nothing beats a good horror story… especially not when you talk about software development and security. I mean, what could possibly go wrong when you develop software???
Mapping vulnerabilities to microservices with Snyk and OpsLevel
John Laban is the Founder & CEO at OpsLevel. This blog post originally appeared on the OpsLevel blog. Snyk is rapidly becoming the de facto standard for businesses that want to build security into their continuous software development processes. And with their developer-first tooling and best-in-class security intelligence, it’s no surprise.
New Java 17 features for improved security and serialization
In December 2020, I wrote the article Serialization and deserialization in Java: explaining the Java deserialize vulnerability about the problems Java has with its custom serialization implementation. The serialization framework is so deeply embedded inside Java that knowing how dangerous some implementation can be is important. Insecure deserialization can lead to arbitrary code executions if a gadget chain is created from your classpath classes.
Exploring the advanced technologies behind Snyk Code
Snyk Code is the static application security testing (SAST) solution from Snyk, and it introduces some revolutionary technologies into the SAST space. It is based on the research and technologies developed by a spin-off from the ETH (Zurich/Switzerland), DeepCode which joined Snyk at the end of 2020.
Snyk joins OpenSSF: Tackling open source supply chain security with a developer-first approach
I’m excited to share that Snyk has joined the Linux Foundation’s expanded support of the Open Source Security Foundation (OpenSSF) as a premier member alongside Microsoft, Google, Cisco, Facebook, Intel, VMware, Red Hat, Oracle, and others. As Snyk’s mission is to enable developers to develop fast while staying secure, we believe that this cross-industry collaboration is critical to the future of software development and improving the security of open source.