Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Snyk

Snyk

Exploring 3 types of directory traversal vulnerabilities in C/C++

Apr 4, 2022 By Kirill Efimov In Snyk

Directory traversal vulnerabilities (also known as path traversal vulnerabilities) allow bad actors to gain access to folders that they shouldn’t have access to. In this post, we are going to take a look how directory traversal vulnerabilities work on web servers written on C/C++, as well as how to prevent them.

Read Post
Snyk

Browsers tormented by open roll vulnerability

Apr 1, 2022 By Kyle Suero, Aviad Hahami In Snyk

“Never click unexpected links!” Ever hear someone yell this? Virtually every person in tech has a healthy suspicion of random links; it is for a good reason. Every now and then there are huge leaks from industry leaders as a result of a targeted campaign. One of the most reliable ways to “phish” someone, or exfiltrate their credentials, is to abuse an open redirect vulnerability in a safe-looking website and redirect the victims to a malicious one.

Read Post

This Week in VulnDB - highlight on sprint4shell and dep supply chain vulnerability

Mar 31, 2022 By Snyk In Snyk
Welcome to This Week in VulnDB, Each episode we will look through some of the newer vulnerabilities in the Snyk vulnerability database, looking at emerging trends in attack vectors appearing in programming languages, platforms and ecosystems.
View Video
Snyk

Spring4Shell: The zero-day RCE in the Spring Framework explained

Mar 31, 2022 By Brian Vermeer In Snyk

On March 30, 2022, a critical remote code execution (RCE) vulnerability was found in the Spring Framework. More specifically, it is part of the spring-beans package, a transitive dependency in both spring-webmvc and spring-webflux. This vulnerability is another example of why securing the software supply chain is important to open source.

Read Post
Snyk

Using the Snyk Vulnerability Database to find projects for The Big Fix

Mar 30, 2022 By DeveloperSteve In Snyk

As developers, we all have our morning startup routine: make coffee, check Slack/Discord/email, read the latest news. One thing I do as part of my daily startup routine is check the Snyk Vulnerability Database for the latest open source vulnerabilities. It’s been especially interesting to see the types of exploits and vulnerabilities that appear in different ecosystems.

Read Post
Snyk

Is there such a thing as Spring4Shell?

Mar 30, 2022 By Micah Silverman In Snyk

Very early in the morning on March 30th (for me), my colleague DeveloperSteve posted a “Hey, have you seen this?” message in our slack channel. It was an “advance warning” of a “probable” remote code execution (RCE) in the massively popular Java Spring framework. I would come to find out that even earlier than that, the Snyk Security team started investigation a potential RCE in Spring after seeing a tweet that has since been deleted.

Read Post
Snyk

Building a secure GraphQL API with Node.js

Mar 29, 2022 By Lawrence Eagles In Snyk

GraphQL provides security straight out of the box with validation and type-checking. However, it doesn’t fully address security concerns around APIs. In this article, we’ll learn how to secure GraphQL APIs by building a simple Node.js application using Fastify and GraphQL. According to its official documentation, GraphQL is a graph query language for APIs and a runtime for fulfilling those queries with our data.

Read Post

Security at ServiceNow (feat. Karl Klaessig) - The Big Fix 2022 by Snyk

Mar 29, 2022 By Snyk In Snyk
Karl Klaessig, Director of Product Marketing and Security Operations at ServiceNow joins Randall Degges, Head of Developer Relations and Community at Snyk to discuss security challenges and how they approach them at ServiceNow. The Big Fix brought together developers, DevOps, and security practitioners of all skill levels to help make the internet more secure through a month of fixing vulnerabilities, ending in a 24-hour livestream event.
View Video

Copyright © 2024 OpsMatters™. All rights reserved.