Technology

How to build a secure API gateway in Node.js

Dec 28, 2022 By Florian Rappl In Snyk

Microservices offer significant advantages compared to monoliths. You can scale the development more easily and have precise control over scaling infrastructure. Additionally, the ability to make many minor updates and incremental rollouts significantly reduces the time to market. Despite these benefits, microservices architecture presents a problem — the inability to access its services externally. Fortunately, an API gateway can resolve this issue.

Read Post

Snyk

Read more about How to build a secure API gateway in Node.js

API Security Best Practices

Dec 26, 2022 By AppSentinels In AppSentinels

Application Programming Interfaces (APIs) are the building blocks of modern-day applications. This software-to-software interface enables seamless collaboration and communication between applications and consumers. APIs power SaaS and cloud apps, mobile apps, micro-services, serverless functions, IoTs and even no-code frameworks.

Read Post

AppSentinels

Read more about API Security Best Practices

Effective Unit Testing for Java Applications: Common Challenges and Solutions | Code Intelligence

Dec 22, 2022 By Code Intelligence In Code Intelligence

In this video, I discuss the challenges of managing dependencies and libraries in Java software development projects and the importance of running unit tests. However, I also dig deeper into the limitations of unit tests and the importance of supplementing them with other forms of testing. In the second part of the video, I introduce fuzz testing as a complementary approach to unit testing and give an example of how I was able to replicate a Remote Code Execution CVE in HyperSQL within just a few minutes, using an open-source fuzz testing tool, called CI Fuzz CLI.

View Video

Code Intelligence

Read more about Effective Unit Testing for Java Applications: Common Challenges and Solutions | Code Intelligence

Microsoft Fined Euro60 Million Over Advertising Cookies

Dec 22, 2022 By Application Security Weekly In ImmuniWeb

Read also: Okta’s source code stolen after GitHub hack, Android apps are leaking API keys, and more.

Read Post

ImmuniWeb

Read more about Microsoft Fined Euro60 Million Over Advertising Cookies

Cloud security updates you need to know from re:Invent 2022

Dec 21, 2022 By Shilpi Bhattacharjee, Ashish Rajan In Snyk

After a two-year hiatus (virtual in 2020 and hybrid in 2021), AWS re:Invent was back in person this year in its full glory. Over 52,000 people attended — more than we saw at RSA (26,000) and Blackhat USA (21,000) combined this year.

Read Post

Snyk

Read more about Cloud security updates you need to know from re:Invent 2022

Sysdig Secure and Google Security Command center Integration - Why, What, How

Dec 21, 2022 By Durgesh Shukla In Sysdig

Sysdig is a premier Google Cloud Platform (GCP) partner and has been working with Google towards the common goal of supporting our customers and securing their cloud journey for the last seven years. Sysdig is focused on securing and monitoring workloads running on Google Cloud – including Google Kubernetes Engine (GKE), Autopilot, Anthos, and more. All these various elements of GCP can be protected using Google Security Command Center. Learn more about how to enhance your GCP security.

Read Post

Sysdig

Read more about Sysdig Secure and Google Security Command center Integration - Why, What, How

Arctic Wolf Labs Named Open-Source Tool Creator of the Year by SANS Institute

Dec 21, 2022 By Arctic Wolf Labs In Arctic Wolf

“It’s about doing good and doing it exceedingly well.” This was how Daniel Thanos, Head of Arctic Wolf Labs, described the work of Arctic Wolf Labs when accepting the award for Open-Source Tool Creator of the Year, as voted by the SANS Insitute community at the 2022 Difference Makers Awards. This prestigious awards program “honors individuals and teams in the cyber security community who have made a measurable and significant difference in security.”

Read Post

Arctic Wolf

Read more about Arctic Wolf Labs Named Open-Source Tool Creator of the Year by SANS Institute

Secure your application development with AWS and Mend

Dec 21, 2022 By Mend In Mend

Mend, formerly known as WhiteSource, effortlessly secures what developers create. Mend uniquely removes the burden of application security, allowing development teams to deliver quality, secure code, faster. With a proven track record of successfully meeting complex and large-scale application security needs, the world’s most demanding software developers rely on Mend. The company has more than 1,000 customers, including 25 percent of the Fortune 100, and manages Renovate, the open source automated dependency update project.

View Video

Mend

Read more about Secure your application development with AWS and Mend

Panel recap: Breaking Bad Security Habits with Corey Quinn

Dec 20, 2022 By Erin Cullen In Snyk

On December 8th, Clinton Herget and Simon Maple, Field CTOs at Snyk, had the opportunity to chat with Corey Quinn, Chief Cloud Economist at The Duckbill Group, podcast host, curator of “Last Week in AWS”, and snarky Twitter personality. Their conversation took a lot of fun turns, from ranting about the hour-long line to get coffee at AWS re:Invent, to Corey proclaiming that “SBOMs are a fantasy” (there’s more context to that… keep reading).

Read Post

Snyk

Read more about Panel recap: Breaking Bad Security Habits with Corey Quinn

ChatGPT: Emerging AI Threat Landscape

Dec 20, 2022 By Trustwave In Trustwave

ChatGPT has been available to the public since November 30, 2022. Since then, it has made headlines – from being temporarily banned from Stack Overflow because, “while the answers ChatGPT produces have a high rate of being incorrect, they typically look like they might be good, and the answers are very easy to produce,” .

Read Post