Ethical hacking is used to find potential security issues in computer systems and networks. In this post, we’ll cover a collection of techniques and procedures commonly used by ethical hackers to find vulnerabilities before malicious users can take advantage.
Lightweight Directory Access Protocol (LDAP) is an authentication mechanism for securing web applications. LDAP is popular because it's lightweight and scales easily — features that appeal to developers, but mean that LDAP databases often store large amounts of valuable information. This makes them an attractive target for attackers. Applications construct LDAP queries derived from user inputs to access and manipulate the information stored in LDAP databases.
We’re excited to announce a new Snyk app for Slack that provides notifications within the channels your teams rely on to address security issues in your code, open source dependencies, containers, and cloud infrastructure. Your developer teams get the notifications that matter the most, in their preferred collaboration platform, so they can act on them immediately.
Penetration testing is crucial to ensuring a resilient security posture within an organization. It simulates an attack on the system, application, or network to discover vulnerabilities before hackers do. Developers often use penetration testing to verify that applications’ internal resources are safe from unauthorized access. In this situation, the tester or ethical hacker serves as a malicious actor. They gather as much information about the system as possible to find exploitable weaknesses.
A security violation in the form of a data breach can create costly damage to a company's reputation. But what exactly is a data breach? The European Commission has divided data breaches into three distinct categories — confidentiality breaches, integrity breaches, and availability breaches: In this article, you'll learn more about what a data breach is and how you can prevent data breaches when designing and developing your software.
We’re thrilled to announce that Snyk has been named a Leader in the 2023 Gartner Magic Quadrant for Application Security Testing! Snyk was named in the Magic Quadrant for Application Security Testing (AST), for the first time, as a Visionary in 2021. And today, we’re excited and honored to announce that Gartner has recognized us in the Leaders Quadrant in the 2023 Magic Quadrant report.
SBOM is the acronym for Software Bill of Materials, which is a list of all the open source npm packages that are part of your project. But it’s not only limited to open source or software packages, and can include operating system libraries, microservices inventory and more.
The number and complexity of software vulnerabilities is continuously growing. The ability of development and security teams to assess the threat level a given vulnerability poses and prioritize fix efforts accordingly greatly depends on access to as much context as possible about the vulnerability.
Nowadays, the final product of most Git repositories is a Docker image, that is then used in a Kubernetes deployment. With security being a hot topic now (and for good reasons), it would be scanning the Docker images you create in the CI is vital. In this piece, I’ll use GitHub Actions to build Docker images and then scan them for security vulnerabilities. The Docker image built in the CI is also pushed to GitHub’s Docker registry.
