As we enter 2023, both security and digital transformation efforts (e.g. cloud migration) continue to be important priorities for organizations. This combination brings huge challenges for IT teams, who are not only required to facilitate major digital changes and increase developer productivity but also ensure that this transformation is secure by default. When using AWS in particular, it’s challenging to understand how to strike this balance between accelerated cloud growth and security.

For most websites and apps, employing security-related HTTP headers has become standard practice. Websites use headers as part of HTTP requests and replies to convey information about a page or data sent via the HTTP protocol. They might include a Content-Encoding header to indicate that the content is a compressed zip file or a Location header to specify a redirect URL.

Microservices offer significant advantages compared to monoliths. You can scale the development more easily and have precise control over scaling infrastructure. Additionally, the ability to make many minor updates and incremental rollouts significantly reduces the time to market. Despite these benefits, microservices architecture presents a problem — the inability to access its services externally. Fortunately, an API gateway can resolve this issue.

Most developers aren’t security experts. This isn’t because we don’t care about security, it’s just that there are only so many hours in the day and features come first. Fortunately, developers don’t need to be security experts to build secure apps — they just need the right tools.

Controlling and filtering traffic when containerizing a workload within Kubernetes Pods is just as crucial as a firewall in a more traditional network setup. The difference is that, in this scenario, those capabilities are provided by the Kubernetes NetworkPolicy API. This article will explore Kubernetes NetworkPolicy by creating an example network policy and examining its core parameters. Then, we’ll look at some common NetworkPolicy use cases and learn how to monitor them using kubectl.

After a two-year hiatus (virtual in 2020 and hybrid in 2021), AWS re:Invent was back in person this year in its full glory. Over 52,000 people attended — more than we saw at RSA (26,000) and Blackhat USA (21,000) combined this year.

The holiday season is the perfect time to rewatch some favorite festive movies! While some prefer their holiday movies to be as sappy as possible (Hallmark, we’re looking at you), others relish the annual opportunity to watch an 8-year-old boy exact his revenge on two bumbling bad guys in the 1990 classic Home Alone.

On December 8th, Clinton Herget and Simon Maple, Field CTOs at Snyk, had the opportunity to chat with Corey Quinn, Chief Cloud Economist at The Duckbill Group, podcast host, curator of “Last Week in AWS”, and snarky Twitter personality. Their conversation took a lot of fun turns, from ranting about the hour-long line to get coffee at AWS re:Invent, to Corey proclaiming that “SBOMs are a fantasy” (there’s more context to that… keep reading).

In our latest Snyk in 30, Jason Lane (Director of Product Marketing) and I (Marco Morales, Partner Solutions Architect) showcased Snyk Open Source with a focus on our integration with Bitbucket Cloud. They covered why open source security is vital for modern app development, along with tips on taking a holistic approach to application security that goes beyond just shifting left.

In early November, a new authorization bypass vulnerability was found in Spring Security 5. Now, before we panic let’s look into this problem to see if you are vulnerable. Although the vulnerability is classified as high, there is only a specific set of use cases that are vulnerable. This means that not everyone is vulnerable, and I will show that in a second. Regardless, the advice is to upgrade to the newer version of the Spring Security.