A CISO's Guide to Container Security: Understanding Vulnerabilities & Best Practices

Companies are introducing new apps and services to enable remote work, improve supply chains and handle disruptions caused by the pandemic. Our digital-first world thrives on speed and efficiency, and containers play a huge part in getting applications up and running quickly. Though containers offer many advantages over traditional virtualization, they also introduce significant security risks.

Cisco Nexus Dashboard Vulnerabilities: CVE-2022-20857, CVE-2022-20858 and CVE-2022-20861

On Wednesday, July 20, 2022, Cisco disclosed a critical severity vulnerability – CVE-2022-20857 – impacting Cisco Nexus Dashboard, an integrated dashboard used for visibility into, and provisioning of, data center and cloud network infrastructure. If successfully exploited, the vulnerability could allow an unauthenticated, remote threat actor to execute arbitrary commands as the root user in any pod on a node.

Webinar recap: Snyk and the new era of software security

Snyk’s Senior Product Marketing Manager, Frank Fischer, recently hosted a webinar about the value in using a developer security platform to secure code, dependencies, containers, and infrastructure as code (IaC). During this talk, Fischer discussed the shift in software security that has occurred over the past decade, the need for developers to take part in the security process, and the value of Snyk in securing the entire development lifecycle.

Phishing: Better Proxy than Story

In the last phishing blog we discussed how modern phishing works on the frontend. Read on to find out how threat actors can easily find and authenticate a suitable domain by modifying both Gophish and Evilginx to evade security controls. Here we go behind the scenes to dissect how to configure and authenticate a good domain for a phishing campaign using Apache as a reverse proxy. Excited? You caught the hook, read on!

Top 5 NPM Vulnerability Scanners

The world of software development has been rocked by JavaScript, with nearly every modern web app making extensive use of it on the front end. With JavaScript also popular on the backend through Node.js, it’s hardly surprising that new vulnerabilities are emerging daily, given the sheer volume of open source project dependencies used by JavaScript developers. The culprit? It all comes down to the freeware NPM packages installed within Node.js.

Addressing cybersecurity challenges in open source software with the Linux Foundation

Snyk recently partnered with the Linux Foundation to produce a report focusing on the state of security in the open source software (OSS) space. The report was based on 550+ survey responses and 15 interviews with OSS maintenance and cybersecurity experts. Following the report’s publication, experts from Snyk held a webinar with the Linux Foundation to discuss some of the key insights.

CVE-2022-26136 & CVE-2022-26137 - Multiple Critical Vulnerabilities in Atlassian Products

On Wednesday, July 20, 2022, Atlassian released patches to remediate two critical vulnerabilities (CVE-2022-26136 and CVE-2022-26137) that impact how Atlassian products implement Servlet Filters and could lead to authentication bypass, cross-site scripting (XSS), or cross-origin resource sharing (CORS) bypass, depending on the filters used by each impacted product.

Webinar recap: The missing story with every cloud breach

Snyk’s Chief Architect, Josh Stella, recently hosted a webinar about cloud security. Stella was the co-founder and CEO of Fugue, a cloud security and compliance company that was acquired by Snyk. With the capabilities of Fugue, Snyk will bring its developer-first security platform into the cloud security space. During this talk, Stella discussed the missing story in every cloud breach: the tale of how, when, and where attackers operate in the cloud.

Top 5 tips for C++ security

C++ has become a pivotal part of the modern day tech industry. It has been used for multiple purposes, such as desktop applications, server applications, gaming, virtual reality, internet of things firmware, and even as the foundation for many modern day programming languages. Since its initial release in 1985 as an extension of the C programming language, C++ has been designed with an orientation towards systems programming and resource-constrained embedded development.

How to Conquer Remote Code Execution (RCE) in npm

Recently, there have been some remote code execution (RCE) attacks that included just a single line of well-built code that can run a remote shell. Let’s take a look at why and how these attacks work, why npm is particularly susceptible, what could happen if they get into machines, and how to detect and fix them.