Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

After our recent successes exploring WebSocket Hijacking vulnerabilities, we decided to expand this research project into other attacks that involve WebSockets. We started by looking at WebSocket smuggling attacks and expanded our scope to include HTTP response header injection attacks and potential novel impacts.

To help businesses develop fast and stay secure, Snyk prioritizes seamless compatibility with developers’ existing workflows. In other words, every major tool or environment a developer touches in their everyday work can interface with Snyk tooling. This compatibility includes partnerships with major cloud providers like Google Cloud.

We’re excited to announce that the Snyk Language Server (LS for short) can now be integrated with your existing IntelliJ IDEs.

Faced with the growing complexity of software development environments, combined with expanding cyber threats and regulatory requirements, AppSec teams find themselves grappling with a daunting array of challenges. While the advent and subsequent adoption of "shift left" methodologies marks a significant and necessary step forward, it is now evident that this approach requires an accompanying mindset shift.

96% of developers use AI coding tools to generate code, detect bugs, and offer documentation or coding suggestions. Developers rely on tools like ChatGPT and GitHub Copilot so much that roughly 80% of them bypass security protocols to use them. That means that whether you discourage AI-generated code in your organization or not, developers will probably use it. And it comes with its fair share of risks. On one hand, AI-generated code helps developers save time.