Best Practices with Organizing Results in Snyk
Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
2023 OWASP Top-10 Series: API9:2023 Improper Inventory Management
Welcome to the 10th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API9:2023 Improper Inventory Management. In this series we are taking an in-depth look at each category – the details, the impact and what you can do about it.
What is the 'Zenbleed' Exploit and 7 Ways to Prevent it Now
In 2018, the discovery of the Meltdown and Spectre CPU vulnerabilities sent shockwaves through the tech industry. These hardware flaws allowed attackers to steal sensitive data like passwords and encryption keys from computers, smartphones, and cloud servers. Now, in 2023, history is unfortunately repeating itself. A new exploit called Zenbleed has emerged, taking advantage of similar speculative execution processes in AMD’s Zen architecture chips.
What is an Authenticated Security Scan, And Why Is It Important?
Many organizations today rely only on “unauthenticated” web application security scans, leaving their admin and user portals unchecked. While it is crucial to protect your system against external automated attacks, you shouldn’t ignore the possibility of a targeted attack from someone with valid logins. If your app lets anyone signup online, it could easily expose your business to attackers.
Why Log4j Wasn't the Developers' Fault: Understanding the Challenges of Modern Developers
In today’s fast-paced digital world, software developers face many challenges as they work tirelessly to create and maintain applications that power our daily lives. The recent Log4Shell vulnerability, which exposed a critical flaw in the widely used Log4j library, has drawn widespread attention and criticism.
Snyk is named a Strong Performer as a first-time entrant in the Forrester Wave: Static Application Security Testing (SAST) Q3 2023
In our first year participating in the Forrester Wave™: Static Application Security Testing (SAST) Q3 2023, we’re thrilled that Snyk has been recognized as a Strong Performer in a mature, yet evolving, enterprise software security category. Snyk is disrupting the SAST market with a developer-first approach to application security, illustrated by our position in strategy and market presence in the evaluation.
Malicious Packages Special Report - Attacks Move Beyond Vulnerabilities
Threat actors are after our sensitive data. In 2023, the number of malicious packages published to Node Package Manager (npm) and RubyGems ballooned 315% compared to 2021, and 85% of malicious packages discovered in existing applications were capable of exfiltration – meaning they could cause an unauthorized transmission of information. Software packages containing malicious code are a growing threat, and they may have unknowingly infiltrated your applications.
MOVEit Transfer: Detecting affected servers at scale
Earlier this summer, the internet was taken by storm by three critical vulnerabilities affecting MOVEit Transfer, a file-transferring software solution widely used by high-profile companies to store and share, in some cases, even the most sensitive business information.
Vulnerabilities Within Law Enforcement Exposed
On September 15th, 2023, it was announced that a company in Stockport, UK, responsible for producing ID cards for various organizations, including Greater Manchester Police, fell victim to a ransomware attack. The attack, conducted using ransomware, had significant implications. Thousands of police officers’ personal details, including their names, were at risk of exposure to the public domain.
Black Hat Asia customer panel recap: How to lead DevSecOps adoption
DevSecOps is all about collaboration: facilitating a solid partnership between development and security teams. However, these collaboration efforts won’t succeed without help from leadership. Development and security teams need top-down support to set measurable goals, create a secure CI/CD pipeline, and establish a DevSecOps culture. Three experts came together at Black Hat Asia 2023 to discuss how leadership can participate in fostering security success.