Mass assignment is a vulnerability that allows attackers to exploit predictable record patterns and invoke illegal actions. Mass assignment usually occurs when properties are not filtered when binding client-provided data-to-data models. Vulnerabilities of this type allow an attacker to create additional objects in POST request payloads, allowing them to modify properties that should be immutable.
We have grown to expect a reasonable level of privacy and security when we use services on the web and web-based applications. That’s because these services deal with every aspect of our daily lives — from money and finances, to how we interact with government services, to our education or the education of our children, to communicating with friends and family, to healthcare, to simply buying food to eat.
Since the beginning of 2023, Snyk has documented around 6800 malicious packages across PyPI and the npm registry, which requires little to no interaction, almost 860 of which were discovered by us.
The not-so-distant memories of security events like Log4Shell and the SolarWinds attack keep software supply chain attacks front of mind for developers. There are things organizations can do to detect and deter malicious supply chain attacks, including the recently mandated (as per the U.S. federal government) software bill of materials (SBOM).
On March 2nd, 2023, the Biden-Harris Administration released a fact sheet announcing the National Cybersecurity Strategy, which outlines their vision for securing the nation's digital infrastructure and ensuring the safety of American citizens online. This strategy addresses the growing number of cyber threats facing the United States, including ransomware attacks, supply chain vulnerabilities, and state-sponsored hacking.
March 15, 2023 marked the 10-year anniversary of Solomon Hyke's famous PyCon lightning talk, when he introduced the world to Docker. Let’s look back at how much has changed and hear from some folks who have stories about blazing the trail toward the containerized world we live in today.
Amazon Web Services (AWS) remains the dominant cloud provider, with 40.8% of the market share. Many enterprises and organizations today have some, if not most, of their infrastructure on Amazon Web Services. AWS helps organizations accelerate their digital transformations and innovate faster, but there are common misconfigurations when moving to AWS.
Developers use open source code because it facilitates fast development. In fact, the vast majority of code in modern applications is open source. But just like any other code, open source libraries are open to vulnerabilities that can negatively affect a wide range of end-user products. So with widespread usage of open source, it's important for teams to be aware of the risks that can be hidden in the libraries they use.
