Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Snyk

Cultivating Developer Adoption

Mar 9, 2023 By Snyk In Snyk
Many organizations are encouraging their developer teams to adopt a security mindset and take more ownership on security issues earlier in the development process. But how can that actually be achieved effectively and what a successful program looks like in practice? In this recording, we’ll discuss some of the program lessons we’ve learnt from many enterprises that are going through this process and investigate different methodologies for implementing DevSecOps and will share what are best practices to follow and common pitfalls to avoid.
View Video
Snyk

Comparing Node.js web frameworks: Which is most secure?

Mar 8, 2023 By Vivek Maskara In Snyk

JavaScript is the world’s most popular programming language, providing many web frameworks that help developers build secure, reliable Node.js web applications. Each framework has unique features, and which framework is right for you depends on your preference and the type of application you intend to create. With so many frameworks available, you need a way to assess their security.

Read Post

Stranger Danger: Your JavaScript Attack Surface Just Got Bigger

Mar 8, 2023 By Snyk In Snyk
Building JavaScript applications today means that we take a step further from writing code. We use open-source dependencies, create a Dockerfile to deploy containers to the cloud, and orchestrate this infrastructure with Kubernetes. Welcome - you're a cloud native application developer! As developers, our responsibility has broadened, and more software means more software security concerns for us to address.
View Video

Snyk Workflows - Builds & Branching

Mar 7, 2023 By Snyk In Snyk
Snyk integrates with your IDEs, repos, workflows, and automation pipelines to add security expertise to your toolkit. The “menu” of options available to you is extensive, so we created this three-part series to get you started and running. What about when you need to compare different versions of code? This third session of the series covers the more advanced topic of builds and branching and more.
View Video
Snyk

Mitigating path traversal vulns in Java with Snyk Code

Mar 6, 2023 By Brian Vermeer In Snyk

Path traversal is a type of security vulnerability that can occur when a web application or service allows an attacker to access server files or directories that are outside the intended directory structure. This can lead to the unauthorized reading or modification of sensitive data.

Read Post
Snyk

Snyk in 30: Developer-first security democast

Mar 2, 2023 By Jim Armstrong In Snyk

In our latest Snyk in 30 democast, I demonstrated working on an app, starting in an IDE and going all the way to the live app deployed in the cloud. Along the way, I showed how Snyk fits into the tools a real developer might use. Specifically, I focused on the practical aspects of implementing Snyk in a real-world development and cloud environment, answering questions like: I’ll cover some of the main highlights from the presentation in this blog post.

Read Post

Stranger Danger: Your JavaScript Attack Surface Just Got Bigger

Mar 1, 2023 By Snyk In Snyk
Building JavaScript applications today means that we take a step further from writing code. We use open-source dependencies, create a Dockerfile to deploy containers to the cloud, and orchestrate this infrastructure with Kubernetes. Welcome - you're a cloud native application developer! As developers, our responsibility has broadened, and more software means more software security concerns for us to address.
View Video
Snyk

Three expert tips for cultivating secure software development practices

Mar 1, 2023 By Simon Maple In Snyk

We often hear about the importance of DevSecOps — integrating security into DevOps processes. But as many security professionals know, it’s not nearly as easy as it sounds. Cultivating secure software development practices requires working alongside developers with varying opinions, priorities, and idiosyncrasies. And any process involving humans is complicated. So, how do today’s security teams overcome these challenges and make secure software development practices a reality?

Read Post
Snyk

Finding YAML Injection with Snyk Code

Feb 23, 2023 By Calum Hutton In Snyk

I conducted some research to try and identify YAML Injection issues in open-source projects using Snyk Code. Though the vulnerability itself is not a new one, the potential impact of YAML Injection is high, which made it a good candidate for research. This research led to the discovery of several issues in open-source projects written in Python, PHP and Ruby. This article focuses on the issue found in geokit-rails version 2.3.2, a plugin for Ruby on Rails

Read Post

Copyright © 2024 OpsMatters™. All rights reserved.