There are multiple ways to store sensitive passwords. And while having choices can be great, in the context of password storage, picking wrong can be a security nightmare. With that in mind, let’s hash out some of your options 🥁🥁.In this article we’ll discuss how you should hash passwords in your Java applications. While you can apply these principles to any ecosystem, we’ll specifically showcase the best way to handle password hashing in Java.

As developers, we need maximum visibility of what’s actually running in our cloud environments, in order to keep them secure. Infrastructure as code (IaC) helps developers automate their cloud infrastructures, so what’s deployed to the cloud is under control and can easily be audited. But achieving and maintaining 100% IaC coverage of your infrastructure has many challenges.

Our modern digital world has proven that global tensions between countries are not contained to the battlefield. As international cyberattacks and protestware proliferate, the Biden-Harris administration (White House) instructed US institutions, large and small, to be more vigilant about malicious cyber activity.

Containerization describes the creation of a self-contained computing environment that runs on a host machine and any operating system (OS) with an available container runtime engine. Built from an image, a container holds an app and the filesystem alongside configurations, dependencies, binaries, and other specifications needed to run it successfully. Containers are typically much smaller than virtual machines and run in the host’s OS rather than containing OSs themselves.

A few days ago, Snyk reported on a new type of threat vector in the open source community: protestware. The advisory was about a transitive vulnerability — peacenotwar — in node-ipc that impacted the supply chain of a great deal of developers. Snyk uses various intel threat feeds and algorithms to monitor chatter on potential threats to open source, and we believe this may just be the tip of a protestware iceberg.