Application Security

Want to impress your boss with your security knowledge? Stay up to date by learning why application security is important and how you can improve.

From zero to security hero: test your GitHub projects for known vulnerabilities

Are you using GitHub for your projects? Great! But how are you making sure your open source dependencies are free from vulnerabilities? In this blog post, we’ll guide you through how to create a free Snyk account and import your first GitHub project into Snyk and test your open source dependencies for known vulnerabilities. You […]

November 12, 2020

Java logging: what should you log and what not?

Logs are a handy tool to spot mistakes and debug code. For engineers and, specifically, in a DevOps environment, the logs are a very valuable tool. In addition to the functional aspect of logging, logs are also critical from a Java security perspective. When a security breach occurs, your log files are the first place […]

November 11, 2020

Enterprise security best practices for managing vulnerabilities at scale

How do you ensure effective security compliance across several teams when they experience an overwhelming number of vulnerabilities that need to be addressed? This is what this enterprise security best practices cheatsheet is all about! Whether you are implementing an enterprise security architecture, or an enterprise cyber security solution you are going to face applications […]

November 9, 2020

Node.js security: lessons from the Node.js Security Working Group in triaging vulnerabilities

In a previous blog post, I talked about a security disclosure for Fastify Node.js framework to the Node.js Security working group on HackerOne. The disclosure was regarding a Server-side JavaScript code injection vulnerability, resulting in the final conclusion that determined the report to be of no security impact to the Fastify Node.js web application framework, […]

November 6, 2020

Developing secure software: how to implement the OWASP top 10 Proactive Controls

Recently, I was thinking back on a great opening session of the DevSecCon community we had last year, featuring none other than Jim Manico. In this session, Jim walked us through the list of OWASP Top 10 proactive controls and how to incorporate them into our web applications. The proactive controls document, written by Manico himself, […]

November 5, 2020

10 React security best practices

Looking for the best ways to secure your React app? Then you’ve come to the right place! I created this checklist of React security best practices to help you and your team find and fix security issues in your React applications. I’ll show you how to automatically test your React code for security-related errors and […]

October 28, 2020

How Atlassian CISO Adrian Ludwig built a world-class product security team

At last week’s SnykCon, Snyk’s Co-founder and President Guy Podjarny sat down with Adrian Ludwig, CISO of Atlassian, for a fireside chat about the modern security market, how his security team is structured, and how to help developers embrace security. Guy and Adrian continued their conversation after the fireside chat, discussing what it takes to […]

October 28, 2020

Key approaches for effective security risk management & prioritization

There’s no easy way of being 100% secure, and although you can become more secure, there definitely isn’t one way of getting there. “The safest thing is to do nothing” is a great cliché, but in the case of software security, this is almost never the case. Starting with the very first line of code […]

October 27, 2020

Regular Expression Denial of Service (REDoS) in UAParser.js

Welcome to the Snyk Monthly Vulnerability Profile. In this series, Snyk looks back on the vulnerabilities discovered by or reported to our Security Research Team. We choose one noteworthy vulnerability from the past month and tell the story behind the discovery, research, and disclosure of the vulnerability. We highlight the researchers, developers, and users who […]

October 26, 2020

SnykCon Day Two wrap-up: Integrations and partnerships galore & session highlights

The second and final day of SnykCon 2020 is in the books, and we hope you enjoyed it as much as we did. This post will share some of the product announcements—including a few big partnerships and integrations—plus takeaways from a few of the provocative, in-depth sessions we hosted. We also share session videos in […]

October 22, 2020

Vulnerability remediation process: reducing your vulnerability backlog with Snyk’s automatic backlog PRs

We’re happy to announce Backlog Management—a new enhancement to Snyk’s automated vulnerability remediation capabilities that enables development and security teams to reduce their vulnerability backlog at a manageable pace. Most projects have over 20 vulnerabilities when first scanned by Snyk. It’s no wonder vulnerabilities have a tendency to pile up into what becomes an overwhelming […]

October 22, 2020