Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Learn about The Big Fix campaign which Snyk is leading to help developers, and security practitioners fix security issues. Join us to get a sneak (snyk?) peak into the fun.

CISO Journey What is a like CISO role? what was it like an operational ciso v/s a field ciso? like rght now we are talking only about log4j issues and how it would have been for you. What would have been your strategy? Have you seen other field Cxo’s? What is one Unique thing, you are trying to implement? How different is this role from a regular CISO?

The Big Fix brings together developers, DevOps, and security practitioners of all skill levels to help make the internet more secure. Our goal is to make security 100x better in 2022 by finding and fixing 202,200 security vulnerabilities! Join us to help find (and fix!) security vulnerabilities while making friends and winning swag. In this short video we'll help you get started finding (and fixing!) security vulnerabilities in your applications -- it's easy!

As cloud-native technologies disrupt the Application Security (AppSec) market, forward-thinking enterprises are shifting their security to the left. A range of cutting-edge security platforms is now available, empowering developers to build secure applications within the development process. But what do secure applications look like, and why does it matter? Why are enterprises implementing security during the deployment phase?

We talk with the Claroty team and Daniel Stenberg, creator of curl, about URL Confusion Vulnerabilities.

Brian and Kyle chat with Johannes about the project!

On January 8, 2022, the open source maintainer of the wildly popular npm package colors, published colors@1.4.1 and colors@1.4.44-liberty-2 in which they intentionally introduced an offending commit that adds an infinite loop to the source code. The infinite loop is triggered and executed immediately upon initialization of the package’s source code, and would result in a Denial of Service (DoS) to any Node.js server using it.

Navigating the world of secure software development is hard. There is a lot of noise and not enough time to investigate everything thoroughly. Make your life and the lives of your colleagues easier by building a world-class DevSecOps automation pipeline. Automate feedback delivery in a way that makes sense. It doesn’t have to be hard; automate the pain away!

We hear a lot about DevOps but how do we turn it from myth into reality? In this panel with Waleed Arshad, Community Manager at Snyk, Frank Dornberger, Team lead of DevSecOps at movingimage EVP GmbH, and Idir Ouhab Meskine, Staff Solutions Engineer at Splunk, we're go over: Waleed Arshad, Community Manager at Snyk Frank Dornberger, Teamlead DevSecOps at movingimage EVP GmbH Idir Ouhab Meskine, Staff Solutions Engineer at Splunk

Note: As of Dec. 28, 2 PM PST, we recommend upgrading to the latest Log4j version. We give a brief overview of the vulnerability and dive right into some examples of the exploit in action. We then show several real-world remediation approaches as well as other fixes outside code.. We give a final round of fun demos, including container and IaC hacks as well as Java-based game hacks. We wrap up with a great list of takeaway resources and answer your questions.