Application Security

Want to impress your boss with your security knowledge? Stay up to date by learning why application security is important and how you can improve.

Securing cloud native applications: ActiveCampaign’s VP, Information Security provides perspective

Simon Maple (VP of Developer Relations & Community at Snyk) and Chaim Mazal (VP, Information Security at ActiveCampaign) discuss the changing application security landscape and the impact it has had on ActiveCampaign.

April 9, 2021

How to fix Java security issues while coding in IntelliJ IDEA

Learn how to use the Snyk Vulnerability Scanner plugin for IntelliJ IDEA to make it easy to find and fix Java security issues earlier in the development process.

April 8, 2021

Secure coding with Snyk’s new JetBrains IDE plugin

We’re pleased to announce our new plugin for JetBrains IDEs, making it easier for developers to find and fix security issues as they code! Snyk’s new free JetBrains IDE plugin enables developers using IntelliJ IDEA and WebStorm to easily find and fix known vulnerabilities in their open source dependencies as well as any security issues […]

April 7, 2021

5 ways to prevent code injection in JavaScript and Node.js

Learn some best practices for keeping your Node.js and JavaScript projects safe from code injection attacks.

April 5, 2021

Snyk chats with Shutterstock about building a DevSecOps culture

Buying security tooling is easy, but changing company culture is hard. Learn how Shutterstock was able to adopt a security mindset from the ground up.

April 2, 2021

Preventing YAML parsing vulnerabilities with snakeyaml in Java

YAML files are often used to configure applications, application servers, or clusters. It is a very common format in Spring Boot applications and, of course, for configuring Kubernetes. However, similarly to JSON and XML, you can use YAML to serialize and deserialize data. Although YAML looks like an excellent alternative to XML and JSON, many […]

March 30, 2021

SQL injection cheat sheet: 8 best practices to prevent SQL injection attacks

SQL injection is one of the most dangerous vulnerabilities for online applications. It occurs when untrusted user data, for instance input from a web form, is added to a database query. If SQL injection is possible, smart attackers can craft user input to steal valuable data, bypass authentication, or corrupt the records in your […]

March 26, 2021

Solving Java security issues in my Spring MVC application

The Spring MVC framework is a well-known Java framework to build interactive web applications. It implements the Model-View-Controller architecture pattern to separate the different aspects of your application. Separating the different logic elements like representation logic, input logic, and business logic is generally considered good architectural practice. This separation of concerns, when implemented correctly, provides […]

March 15, 2021

Automating vulnerability monitoring with Snyk, Prometheus and Grafana

This article is part 3 of Snyk API Wednesdays – our new blog series covering different Snyk API use cases and customer stories. Part 1 covered the Snyk-Watcher by Twilio, and part 2 covered a new integration with Opsgenie using custom webhooks. Monitoring the vulnerabilities identified across your different applications plays a key role in […]

March 3, 2021

SolarWinds Orion Security Breach: A Shift In The Software Supply Chain Paradigm

The recent SolarWinds breach highlights a new paradigm in the software supply chain. When judged on the code alone, without any additional tooling, proprietary code is no more secure than open source. By contrast, many would argue that open source code is more secure due to a faster fix/patch/update cycle and the pervasive access […]

March 1, 2021

Securing your modern software supply chain

Software supply chain security concerns are more prevalent than ever. The U.S. Pentagon, Department of State, Department of Homeland Security, Microsoft, FireEye – this is just a partial list of the government agencies and companies hacked as a result of the attack on SolarWinds’ proprietary software – the Orion network monitoring program. The scope of […]

March 1, 2021