Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
How to mitigate SSRF vulnerabilities in Go
Securing HTTP requests is crucial when developing Go applications to prevent vulnerabilities like Server-Side Request Forgery (SSRF). SSRF occurs when an attacker manipulates a server to make unintended requests, potentially accessing internal services or sensitive data. We will explore how to secure HTTP requests by employing URL parsing and validation techniques, and provide example code to fortify the http.Get HTTP GET request handler.
Application Security 101: A Guide for Developers
Most developers and companies believe their applications to be secure and understand the importance of security. However, year after year, they continue to push vulnerable code into production... In order to avoid these pitfalls and improve the overall security of our applications, we need to understand what application security (or AppSec) is all about. In this video, you will learn what application security is, why it's important and what you can do to keep your applications secure.
Snyk-generated SBOMs now include license details for the open source libraries in your projects
We’re excited to announce that SBOMs (software bill of materials) generated by Snyk's tools will include license information! This new capability is part of our ongoing efforts in our Software Supply Chain Security solution. The developer-first tools in the solution help you gain a better understanding of your app’s supply chain, identify potential risks, and take the necessary steps to get ahead of them.
2024 Open Source Security Report: Slowing Progress and New Challenges for DevSecOps
Trust is the foundation of the open source community — but what happens when that trust is betrayed? When a backdoor vulnerability was found in a widespread Linux-based data compression tool, it nearly created an opportunity for malicious actors to seize control of countless computers worldwide. The vulnerability was introduced by a trusted contributor who, after years of building rapport with maintainers, ultimately exploited that trust.