Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On October 30, U.S. President Joseph Biden issued a sweeping Executive Order (“EO”) focused on making AI safer and more accountable.

Snyk was founded with the mission of building security products that developers actually want to use. It's how we began and it's that North Star that still drives us today. For security to work at the speed and scale of the modern security development lifecycle (SDLC), developers need tools that integrate seamlessly into the flows they use every day, providing intuitive, actionable feedback along the way.

In today's world of fast-paced software development, security is not an option — it’s a necessity. Security has become an integral part of the development process rather than a separate concern addressed by a different team once development is complete. Integrating Snyk security into your development workflows is a crucial step toward achieving comprehensive software security.

Everyone is talking about generative artificial intelligence (GenAI) and a massive wave of developers already incorporate this life-changing technology in their work. However, GenAI coding assistants should only ever be used in tandem with AI security tools. Let's take a look at why this is and what we're seeing in the data. Thanks to AI assistance, developers are building faster than ever.

On October 18, security researcher Zemnmez began the process of responsibly disclosing a "Use of Weak Hash" vulnerability that they found in crypto-js, an open source JavaScript library of crypto standards, for which maintenance has been discontinued. The vulnerability also impacts the crypto-es package (for ES6 and TypeScript), and the researcher has opened a similar issue requesting that the maintainers enable private disclosures.

When web applications rely on user-supplied data, there is a potential risk of SQL injection attacks. SQL injection is a technique used to alter a SQL statement by manipulating user input. Specifically, attackers send malicious SQL code to the database to bypass security measures and gain unauthorized access to data. The consequences can be severe, ranging from sensitive information leaks to complete system loss.

According to Snyk's 2022 State of Open Source Security report, the average JavaScript project has 49 vulnerabilities, including common ones like unsafe dependencies, cross-site scripting (XSS), weak input validation, and cross-site request forgery (CSRF). And given JavaScript's widespread use, robust security measures are increasingly important to safeguard your applications from cyberattacks.