%term

How to use Java DTOs to stay secure

Oct 11, 2022 By Brian Vermeer In Snyk

Data Transfer Objects (DTOs) in Java are objects that transport data between subsystems. It is an enterprise design pattern to aggregate data. The main purpose is to reduce the number of system calls needed between the subsystems, reducing the amount of overhead created. In this article, I will explain how DTOs are used in modern Java applications, ways your application can benefit, and how Java DTOs can help you be more secure by preventing accidental data leaks.

Read Post

Snyk

Read more about How to use Java DTOs to stay secure

DirtyCred: Opening Pandora's Box to Current and Future Container Escapes

Oct 10, 2022 By Manoj Ahuje In CrowdStrike

DirtyCred is a new Linux kernel exploitation technique that allows kernel Use After Free (UAF) or Double free vulnerabilities to swap a credential or file structure on the kernel heap memory to escalate privileges to root. The replaced credential or file structure provides root access on a Linux host and breaks out of the container at the same time. Ph.D.

Read Post

CrowdStrike

Read more about DirtyCred: Opening Pandora's Box to Current and Future Container Escapes

Security lessons with a Snyk Ambassador

Oct 10, 2022 By Andres Haro In Snyk

Security has been a concern in the tech industry for years now. However, not a lot of companies follow their own protocols or guides when it comes to securing code. It’s easy to believe that security incidents are uncommon (or unlikely to happen in your own organization), but the latest issue with Uber is one of many examples to the contrary.

Read Post

Snyk

Read more about Security lessons with a Snyk Ambassador

CVE-2022-40684: Critical Remote Authentication Bypass Vulnerability in FortiOS & FortiProxy

Oct 7, 2022 By Steven Campbell In Arctic Wolf

Late Thursday, October 6, 2022, Fortinet disclosed a critical remote authentication bypass vulnerability —CVE-2022-40684— impacting FortiOS and FortiProxy. The vulnerability could allow a remote unauthenticated threat actor to obtain access to the administrative interface and perform operations via specially crafted HTTP or HTTPS requests.

Read Post

Arctic Wolf

Read more about CVE-2022-40684: Critical Remote Authentication Bypass Vulnerability in FortiOS & FortiProxy

Microsoft Updates Mitigations For Unpatched Microsoft Exchange Zero-Days

Oct 6, 2022 By Application Security Weekly In ImmuniWeb

Read also: Comm100 chat provider hacked in a supply chain attack, a teen used leaked Optus data in a data extortion scam, and more.

Read Post

ImmuniWeb

Read more about Microsoft Updates Mitigations For Unpatched Microsoft Exchange Zero-Days

Cloud security fundamentals part 1: Know your environment

Oct 6, 2022 By Megan Moore In Snyk

140,000 Social Security numbers and about 80,000 bank account numbers — that’s what one attacker stole from a major financial institution back in 2019. How did it happen? The attacker used firewall credentials to obtain privilege escalation and hack into improperly secured Amazon cloud instances.

Read Post

Snyk

Read more about Cloud security fundamentals part 1: Know your environment

Uncovering Hidden Bugs and Vulnerabilities in C/C++ | How to Fuzz Your Code With 3 Commands

Oct 5, 2022 By Code Intelligence In Code Intelligence

CI Fuzz CLI is an open-source solution that lets you run feedback-based fuzz tests from your command line. Every developer can use it to find bugs and vulnerabilities with three simple commands. In this stream, I will demonstrate: 1) How to cover the current state of fuzz testing 2) How to set up CLI fuzzing within 3 commands 3) How to uncover multiple bugs and severe memory corruption vulnerabilities

View Video

Code Intelligence

Read more about Uncovering Hidden Bugs and Vulnerabilities in C/C++ | How to Fuzz Your Code With 3 Commands

Stranger Danger: Your JavaScript Attack Surface Just Got Bigger

Oct 5, 2022 By Snyk In Snyk

Building JavaScript applications today means that we take a step further from writing code. We use open-source dependencies, create a Dockerfile to deploy containers to the cloud, and orchestrate this infrastructure with Kubernetes. Welcome - you're a cloud native application developer! As developers, our responsibility has broadened, and more software means more software security concerns for us to address.

View Video

Snyk

Read more about Stranger Danger: Your JavaScript Attack Surface Just Got Bigger

How to hack a vulnerable OWASP Node.js apps: Part 2 | Snyk

Oct 5, 2022 By Snyk In Snyk

How to hack a vulnerable OWASP Node.js Apps We are back with part 2 of this livestream. Join us as we demonstrate how you can use the Node.js app. We also show the various ways it can be hacked so you can learn how to prevent it. Didn't catch the live stream? Ask all of your Snyk questions and we’ll do our very best to answer them in the comment section.

View Video

Snyk

Read more about How to hack a vulnerable OWASP Node.js apps: Part 2 | Snyk

2022 Collaboration Partner of the Year: Snyk

Oct 5, 2022 By Sarah Conway In Snyk

This week, at HashiConf 2022, Snyk was recognized by HashiCorp as the winner of the 2022 Collaboration Technology Partner of the Year award. Carey Stanton, Snyk’s Senior Vice President of Business Development, was in Los Angeles and accepted the award on stage at HashiConf. Snyk is honored to be named HashiCorp’s 2022 Technology Partner of the Year for Collaboration.

Read Post