Adi Sharabani, Snyk CTO On Adapting to Change: The Future of Security in a DevSecOps World
This is a recording of Adi Sharabani's talk at CyberTech TLV 2023.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
A Day In The Life of A CISO - Prajal Kulkarni - CISO - Groww
Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.
Ensure a secure IT environment with integrated network vulnerability management
NIST's National Vulnerability Database shows a quintuple increase in attacks against firmware in the last four years. These statistics indicate that cyber criminals have continually improved their techniques in penetrating your network via firmware vulnerabilities. To combat these malicious actions, let's first discuss the components that are vulnerable to these attacks.
When software isn't a "supply"
I was inspired to write this after reading a post from Thomas Depierre on Mastodon. The post touched on something that’s been troubling me recently. When it comes to software security, we spend a lot of time talking about the software supply chain and related concepts, such as the software bill of materials (SBOM). This metaphor comes from an industrial lexicon. People who are used to talking about economies and how manufacturing works are familiar with the idea of supply chain.
The dangers of setattr: Avoiding Mass Assignment vulnerabilities in Python
Mass assignment, also known as autobinding or object injection, is a category of vulnerabilities that occur when user input is bound to variables or objects within a program. Mass assignment vulnerabilities are often the result of an attacker adding unexpected fields to an object to manipulate the logic of a program.
Multiple Critical & Actively Exploited Vulnerabilities Patched in Microsoft's February Security Update
On February 14, 2023, Microsoft published its February 2023 Security Update and patched multiple high to critical vulnerabilities, with some of them being actively exploited in the wild. These vulnerabilities impact Windows systems and Exchange servers.
Snyk Workflows - Ignores & PR Checks
Snyk integrates with your IDEs, repos, workflows, and automation pipelines to add security expertise to your toolkit. The “menu” of options available to you is extensive, so we created this three-part series to get you started and running. Do you want your dev teams and AppSec teams to be aligned? The second session of the series digs deeper into using ignore capabilities. You’ll also learn about PR checks. This is a great way to get ahead of permissions.
Stranger Danger: Your Java Attack Surface Just Got Bigger
Building Java applications today means that we take a step further from writing code. We use open-source dependencies, create a Dockerfile to deploy containers to the cloud, and orchestrate this infrastructure with Kubernetes. Welcome, you're a cloud native application developer! As developers, our responsibility broadened, and more software means more software security concerns for us to address.
Vulnerability Prioritization - Combating Developer Fatigue
We are in early 2023, and we have over 2700 new vulnerabilities registered in CVE. It is still a challenge for developers to endure the fatigue of continually vulnerability prioritization and mitigating new threats. Our findings in the Sysdig 2023 Cloud-Native Security and Container Usage Report provide signs of hope for overburdened developers, as the data showed opportunities to focus remediation efforts on vulnerable packages loaded at runtime.
How to find and fix jQuery vulnerabilities
Using an outdated jQuery library can open up your web application to vulnerabilities. Read more to find out how to find and fix jQuery vulnerabilities. jQuery is among the oldest JavaScript libraries available online. It simplifies your coding and is used by countless websites. But there is an inherent danger that lies with outdated jQuery libraries: they are vulnerable to risks such as cross-site scripting.