Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Snyk

Stranger Danger: Your JavaScript Attack Surface Just Got Bigger

Oct 5, 2022 By Snyk In Snyk
Building JavaScript applications today means that we take a step further from writing code. We use open-source dependencies, create a Dockerfile to deploy containers to the cloud, and orchestrate this infrastructure with Kubernetes. Welcome - you're a cloud native application developer! As developers, our responsibility has broadened, and more software means more software security concerns for us to address.
View Video

How to hack a vulnerable OWASP Node.js apps: Part 2 | Snyk

Oct 5, 2022 By Snyk In Snyk
How to hack a vulnerable OWASP Node.js Apps We are back with part 2 of this livestream. Join us as we demonstrate how you can use the Node.js app. We also show the various ways it can be hacked so you can learn how to prevent it. Didn't catch the live stream? Ask all of your Snyk questions and we’ll do our very best to answer them in the comment section.
View Video
Snyk

Snyk named a 2022 Gartner Peer Insights Customers' Choice for Application Security Testing

Oct 4, 2022 By Tony Sleva In Snyk

Snyk, the leader in developer security, is excited to share that we’ve been named a Customers’ Choice in the 2022 Gartner Peer Insights ‘Voice of the Customer’: Application Security Testing. Gartner defines the Application Security Testing category as products and services designed to analyze and test applications for security vulnerabilities. This distinction is based on meeting or exceeding overall rating, user interest, and adoption.

Read Post

Snyk and HashiCorp: The Snyk IaC Integration With HashiCorp Terraform Cloud and Terraform Enterprise

Oct 4, 2022 By Snyk In Snyk
In this video, learn about the Snyk IaC integration with HashiCorp Terraform Cloud and Terraform Enterprise, which enable developers to automate security checks and ensure public cloud environments are secure and compliant pre-deployment — directly in their Terraform Cloud pipelines.
View Video
Snyk

Phony PyPi package imitates known developer

Oct 4, 2022 By Kyle Suero, Elliot Ward In Snyk

Snyk Security Researchers have been using dynamic analysis techniques to unravel the behaviors of obfuscated malicious packages. A recent interesting finding in the Python Package Index (PyPi) attempted to imitate a known open source developer through identity spoofing. Upon further analysis, the team uncovered that the package, raw-tool, was attempting to hide malicious behavior using base64 encoding, reaching out to malicious servers, and executing obfuscated code.

Read Post
Snyk

Choosing the best Node.js Docker image

Sep 29, 2022 By Liran Tal In Snyk

Choosing a Node.js Docker image may seem like a small thing, but image sizes and potential vulnerabilities can have dramatic effects on your CI/CD pipeline and security posture. So, how do you choose the best Node.js Docker image? It can be easy to miss the potential risks of using FROM node:latest, or just FROM node(which is an alias for the former). This is even more true if you’re unaware of the overall security risks and sheer file size they introduce to a CI/CD pipeline.

Read Post
Snyk

Snyk IaC for Terraform Enterprise: Expanding Snyk compatibility with HashiCorp Terraform

Sep 28, 2022 By Sarah Conway In Snyk

Even the most precise and regimented DevOps teams can be plagued by numerous post-deployment security issues, causing potentially damaging production delays and engineering rework. Building on Snyk’s successful acceleration of DevSecOps, Snyk IaC empowers developers to treat Terraform like any other form of code and proactively test IaC early as well as continuously monitor infrastructure post-deployment.

Read Post

Copyright © 2024 OpsMatters™. All rights reserved.