%term

Installing multiple Snyk Kubernetes controllers into a single Kubernetes cluster

Aug 15, 2022 By Pas Apicella In Snyk

Kubernetes provides an interface to run distributed systems smoothly. It takes care of scaling and failover for your applications, provides deployment patterns, and more. Regarding security, it’s the teams deploying workloads onto the Kubernetes cluster that have to consider which workloads they want to monitor for their application security requirements.

Read Post

Snyk

Read more about Installing multiple Snyk Kubernetes controllers into a single Kubernetes cluster

Black Hat 2022: The CVSS Fallacy - can you trust the world's most popular vulnerability metric?

Aug 15, 2022 By JFrog In JFrog

The NVD defines one of the usages of CVSS as “a factor in prioritization of vulnerability remediation” and it is the current de-facto vulnerability metric, often seen as infallible guidance and a crucial element in many compliance processes. In our session we will go over real-world CVE examples, demonstrating cases and entire categories where CVSSv3.1 falls short of providing an accurate assessment, both due to its design and its various mishandlings. The session will also touch upon specific indicators in the CVE description that can raise the confidence in a CVSS score, and vice versa.

View Video

JFrog

Read more about Black Hat 2022: The CVSS Fallacy - can you trust the world's most popular vulnerability metric?

Untangle the Secrets of your JavaScript Dependencies

Aug 15, 2022 By Snyk In Snyk

In an ecosystem with an increasing number of dependencies, maintainers and supply chain attacks, discover an open source tool designed to analyze in depth the dependencies of a given remote package or local manifest. Not knowing what’s in the node_modules directory is a bad dream from the past. Dive in with me to find out the secrets that your dependencies hide from you.

View Video

Snyk

Read more about Untangle the Secrets of your JavaScript Dependencies

Threat Actor of the Month - GhostSec

Aug 12, 2022 By Gerard, Jacobo In Outpost 24

This month we’re introducing you to GhostSec, a hacktivist group with ties to the Anonymous collective

Read Post

Outpost 24

Read more about Threat Actor of the Month - GhostSec

Learn How to Get Started with Snyk in Less Than 1 Minute | Fast and Free

Aug 12, 2022 By Snyk In Snyk

Getting started with Snyk is fast and free. Nope, it's not a free trial. It's a free tier that you can use for personal projects or for work!

View Video

Snyk

Read more about Learn How to Get Started with Snyk in Less Than 1 Minute | Fast and Free

A Day in The Life of a Food Giant CISO - Sherif Mansour

Aug 11, 2022 By Snyk In Snyk

During this live stream we had a conversation with the director of Information Security at Just Eat Takeaway Sherif Mansour, where we explored his day-to-day activities and how Snyk's products help him to perform his role.

View Video

Snyk

Read more about A Day in The Life of a Food Giant CISO - Sherif Mansour

Introducing Snyk Training, our online learning platform

Aug 11, 2022 By Michele Wiedemer In Snyk

Snyk has officially launched Snyk Training, a free online resource to help developers and security teams learn how to implement, configure, and use Snyk on their own. The initial content in Snyk Training focuses on three learning needs: The platform is an easy way for teams to get an introduction to Snyk tools and user best practices. Most courses take between 3 and 10 minutes, and have been described by a customer as, a “very good overview on how to get started with the Snyk journey!”

Read Post

Snyk

Read more about Introducing Snyk Training, our online learning platform

CVE-2022-20842 & CVE-2022-20827 - Critical Vulnerabilities in Cisco Small Business Routers

Aug 10, 2022 By Sule Tatar In Arctic Wolf

On Wednesday, August 3, 2022, Cisco disclosed two critical-severity vulnerabilities (CVE-2022-20842 and CVE-2022-20827) impacting RV160, RV260, RV340, and RV345 series small business routers. Both vulnerabilities are due to insufficient validation but differ in how they are exploited.

Read Post

Arctic Wolf

Read more about CVE-2022-20842 & CVE-2022-20827 - Critical Vulnerabilities in Cisco Small Business Routers

Controlling your server with a reverse shell attack

Aug 10, 2022 By Brian Vermeer In Snyk

Creating and running an application in your favorite language is usually pretty simple. After you create your application, deploying it and showing it to the world is also quite straightforward. The last thing you need is someone to take over your system and fully control your brand new application. In this article, I’ll explain how this can happen with a reverse shell attack. Note that the code examples in this article are for educational purposes only.

Read Post

Snyk

Read more about Controlling your server with a reverse shell attack

Stranger Danger: Your JavaScript Attack Surface Just Got Bigger

Aug 10, 2022 By Snyk In Snyk

Building JavaScript applications today means that we take a step further from writing code. We use open-source dependencies, create a Dockerfile to deploy containers to the cloud, and orchestrate this infrastructure with Kubernetes. Welcome, you're a cloud native application developer! As developers, our responsibility broadened, and more software means more software security concerns for us to address.

View Video