Application Security

Want to impress your boss with your security knowledge? Stay up to date by learning why application security is important and how you can improve.

Angular security best practices

Angular security best practice #1: bind untrusted values with interpolation ({{ }}). Angular treats an interpolated value as text and encodes potentially dangerous characters, so untrusted HTML or CSS contained in the value is rendered literally rather than interpreted by the browser.
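To make the difference concrete, the following is an added example written for this page, not code from the Snyk post or from Angular itself. It models the two render paths with plain string functions: what interpolation does to a bound value, and what a raw insertion does once the value has been marked trusted via DomSanitizer.bypassSecurityTrustHtml. The payload and the helper names are constructed for illustration.

```typescript
// Added example: a minimal model of the two render paths, written for this page.
// It is not Angular's code; Angular's real renderer and DomSanitizer do more.

// Constructed untrusted input, e.g. a display name read from a request.
const UNTRUSTED_NAME = 'Mallory<img src=x onerror="alert(document.cookie)">';

// What interpolation does: the bound value is treated as text, so every
// character that could open a tag, attribute or entity is encoded.
function escapeHtml(value: string): string {
  return value
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Model of `<p>Hello, {{ displayName }}</p>`.
function renderInterpolated(displayName: string): string {
  return '<p>Hello, ' + escapeHtml(displayName) + '</p>';
}

// Model of `<p [innerHTML]="trusted"></p>` where `trusted` was produced by
// DomSanitizer.bypassSecurityTrustHtml(displayName): the markup is inserted as-is.
// (A plain [innerHTML] binding without the bypass still goes through Angular's
// sanitizer, which strips the onerror handler; the bypass is what makes this unsafe.)
function renderBypassedInnerHtml(displayName: string): string {
  return '<p>Hello, ' + displayName + '</p>';
}

// Crude detector used only to compare the two outputs: does the markup contain a
// tag that can execute script, or an on* event-handler attribute? Not a sanitizer.
function containsActiveMarkup(html: string): boolean {
  const riskyTags = ['script', 'img', 'iframe', 'svg', 'object', 'embed'];
  const tagRe = /<([a-z][a-z0-9]*)\b([^>]*)>/gi;
  let m: RegExpExecArray | null;
  while ((m = tagRe.exec(html)) !== null) {
    const tag = m[1].toLowerCase();
    const attrs = m[2];
    if (riskyTags.indexOf(tag) !== -1 || /\bon[a-z]+\s*=/i.test(attrs)) {
      return true;
    }
  }
  return false;
}
```

The interpolated output contains no live tag, only the encoded text `&lt;img ... onerror=&quot;...&quot;&gt;`, whereas the bypassed path hands the `img` element and its `onerror` handler straight to the browser. The practical rule follows: interpolate by default, and treat every call to a `bypassSecurityTrust*` method as a code-review item that needs a justification.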

August 10, 2020

Prioritizing vulnerabilities in Kubernetes deployments

Snyk has recently introduced a Priority Score to help prioritize vulnerabilities we detect, helping you identify the most important issues that need your attention.

Prioritization and Snyk Container

The new Priority Score is fully supported in Snyk Container. All of your container images will be scored based on the severity of the vulnerability, data we […]

August 6, 2020

Prioritization on steroids with Snyk’s new Priority Score

Snyk’s new Priority Score helps to drastically simplify one of the biggest challenges in using open source securely—working out which vulnerabilities to tackle first. For most organizations, fixing all vulnerabilities is simply not feasible. Each change comes at a cost, and that cost often rises with the age and complexity of the software. The average […]

August 4, 2020

Optimizing prioritization with deep application-level context

Prioritizing vulnerability fixes is becoming increasingly difficult due to both the constant rise in the number of vulnerabilities and the complexity involved in assessing the risk they pose. Vulnerabilities are not born equal, and their risk variance is influenced by an array of objective and subjective factors. Effective prioritization depends on an accurate assessment of […]

July 28, 2020

Announcing Snyk’s developer-first prioritization capabilities

We’re excited to unveil Snyk’s developer-first prioritization capabilities, helping development and security teams prioritize fixes for security vulnerabilities in their open source dependencies and containers more effectively! Organizations today are overwhelmed by a growing number of vulnerabilities. Since they cannot fix each and every issue instantly, they must prioritize. Effective prioritization helps organizations to stay focused […]

July 22, 2020

Helping developers prioritize the security backlog

Today, developers are increasingly stepping up to fix the vulnerabilities in their apps, which is amazing. However, when they do so, they’re faced with a long backlog of vulnerabilities. Deciding which issue to address first is hard, requiring time and security expertise developers often don’t have. This is a chance for the right tools to […]

July 22, 2020

Arbitrary File Write via Archive Extraction (Zip Slip) in go-rpmutils

Welcome to the Snyk Monthly Vulnerability Profile. In this series, Snyk looks back on the vulnerabilities discovered by or reported to our Security Research Team. We choose one noteworthy vulnerability from the past month and tell the story behind the discovery, research, and disclosure of the vulnerability. We highlight the researchers, developers, and users who […]
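The title names the vulnerability class, so here is the check that prevents it, as an added example written for this page; it is an illustration in TypeScript, not go-rpmutils code, and the destination directory and entry names are constructed. Zip Slip is an archive entry whose name contains `..` (or an absolute path) so that a naive extractor writes it outside the intended output directory, which is an arbitrary file write if the extractor runs with enough privilege.

```typescript
// Added example (illustration written for this page, not go-rpmutils code):
// the containment check an extractor must run on every entry name before
// writing. destDir and the entry names are constructed.

// The pattern many vulnerable extractors used: look for "../" in the name.
// It misses backslash separators and absolute paths, so it is shown only
// for contrast.
function naiveIsSafe(entryName: string): boolean {
  return entryName.indexOf('../') === -1;
}

// Lexically resolve entryName beneath destDir. Returns the path to write, or
// null when the entry is absolute or would climb above destDir.
function resolveEntryPath(destDir: string, entryName: string): string | null {
  // Archives built on Windows carry backslashes; treat both as separators.
  const normalized = entryName.replace(/\\/g, '/');
  // Reject absolute entries ("/etc/passwd") and drive-letter paths ("C:/...").
  if (normalized.charAt(0) === '/' || /^[a-zA-Z]:\//.test(normalized)) {
    return null;
  }
  const stack: string[] = [];
  const parts = normalized.split('/');
  for (let i = 0; i < parts.length; i++) {
    const part = parts[i];
    if (part === '' || part === '.') continue;  // "a//b", "./a", trailing "/"
    if (part === '..') {
      if (stack.length === 0) return null;      // would leave destDir
      stack.pop();
      continue;
    }
    stack.push(part);
  }
  const root = destDir.replace(/\/+$/, '');
  // An entry such as "./" resolves to destDir itself; nothing needs writing.
  return stack.length === 0 ? root : root + '/' + stack.join('/');
}

// Constructed entry names: the first three are benign, the rest try to escape.
const SAMPLE_ENTRIES = [
  'docs/readme.txt',
  './bin/tool',
  'lib/../vendor/a.so',
  '../../../../etc/cron.d/backdoor',
  'lib/../../../.ssh/authorized_keys',
  '..\\..\\windows\\win.ini',
  '/etc/passwd',
];

// Map each entry to the path it would be written to, or null if rejected.
function classifyEntries(destDir: string, entries: string[]): { [entry: string]: string | null } {
  const result: { [entry: string]: string | null } = {};
  for (let i = 0; i < entries.length; i++) {
    result[entries[i]] = resolveEntryPath(destDir, entries[i]);
  }
  return result;
}
```

Two caveats a real extractor must also handle: the check above is lexical, so symlink entries written earlier in the same archive can still redirect a later write (resolve or refuse symlinks), and a string-prefix test against the resolved path is not enough on its own, since `/tmp/out-evil` begins with `/tmp/out`.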

July 20, 2020

Navigate 3 trends in financial services with DevSecOps

The financial services sector faces both technology opportunities and challenges. The modernization of financial business infrastructures isn’t a new conversation, although it remains a continued priority and challenge for our largest banking, investment, and insurance institutions. Cloud adoption trends in financial services have dominated this conversation in recent years, across infrastructure, data, and the applications […]

July 13, 2020

Demystifying HTTP request smuggling

HTTP request smuggling is a vulnerability class that has gained attention over the last year. It arises when a front-end server (a proxy or load balancer) and the back-end server behind it disagree about where one HTTP/1.1 request ends and the next begins, typically because a request carries both a Content-Length and a Transfer-Encoding header. An attacker can use that disagreement to bypass security protections enforced at the front end, conduct phishing attacks against other users, and obtain sensitive information from requests other than their own. It should also be […]
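The disagreement is easiest to see on the wire. The following is an added example written for this page, not code from the Snyk post: two deliberately simplified framing routines, one that honours Content-Length as a front end might and one that honours Transfer-Encoding: chunked as a back end might, run over a single constructed request whose two headers do not agree (the CL.TE case). The request text and the function names are assumptions made for the illustration.

```typescript
// Added example (not from the Snyk post): the CL.TE desync in miniature. Both
// parsers below are simplified models written for this page; the request is
// constructed so that Content-Length and Transfer-Encoding disagree.

const CRLF = '\r\n';

// Constructed request. Content-Length (13) covers "0\r\n\r\nSMUGGLED"; a chunked
// parser stops at the zero-size chunk and never consumes "SMUGGLED".
const SMUGGLING_REQUEST =
  'POST / HTTP/1.1' + CRLF +
  'Host: example.test' + CRLF +
  'Content-Length: 13' + CRLF +
  'Transfer-Encoding: chunked' + CRLF +
  CRLF +
  '0' + CRLF +
  CRLF +
  'SMUGGLED';

interface FramedBody {
  body: string;      // bytes this parser treats as the request body
  leftover: string;  // bytes it leaves on the connection for the next request
}

function splitHeadAndRest(raw: string): { headers: { [name: string]: string }; rest: string } {
  const end = raw.indexOf(CRLF + CRLF);
  if (end < 0) throw new Error('missing end of headers');
  const headers: { [name: string]: string } = {};
  const lines = raw.slice(0, end).split(CRLF);
  for (let i = 1; i < lines.length; i++) {       // lines[0] is the request line
    const colon = lines[i].indexOf(':');
    if (colon < 0) continue;
    headers[lines[i].slice(0, colon).trim().toLowerCase()] = lines[i].slice(colon + 1).trim();
  }
  return { headers: headers, rest: raw.slice(end + 4) };
}

// RFC 7230 section 3.3.3: if both headers are present, Transfer-Encoding wins and
// a proxy ought to reject the message or strip Content-Length before forwarding.
// A front end that instead frames by Content-Length is the "CL" side of CL.TE.
function isAmbiguouslyFramed(raw: string): boolean {
  const h = splitHeadAndRest(raw).headers;
  return h['content-length'] !== undefined && h['transfer-encoding'] !== undefined;
}

// Front end that frames by Content-Length.
function frameByContentLength(raw: string): FramedBody {
  const parsed = splitHeadAndRest(raw);
  const n = parseInt(parsed.headers['content-length'] || '0', 10);
  return { body: parsed.rest.slice(0, n), leftover: parsed.rest.slice(n) };
}

// Back end that frames by Transfer-Encoding: chunked (trailer lines skipped).
function frameByChunked(raw: string): FramedBody {
  const rest = splitHeadAndRest(raw).rest;
  let pos = 0;
  let body = '';
  for (;;) {
    const sizeEnd = rest.indexOf(CRLF, pos);
    if (sizeEnd < 0) throw new Error('truncated chunk-size line');
    const size = parseInt(rest.slice(pos, sizeEnd).split(';')[0], 16);
    if (isNaN(size)) throw new Error('bad chunk size');
    pos = sizeEnd + 2;
    if (size === 0) {
      // last-chunk: consume trailer lines up to and including the empty line
      for (;;) {
        const lineEnd = rest.indexOf(CRLF, pos);
        if (lineEnd < 0) throw new Error('truncated trailer section');
        const line = rest.slice(pos, lineEnd);
        pos = lineEnd + 2;
        if (line === '') break;
      }
      return { body: body, leftover: rest.slice(pos) };
    }
    body += rest.slice(pos, pos + size);
    pos += size + 2;   // chunk data plus its trailing CRLF
  }
}
```

The front end forwards all thirteen body bytes as one request; the back end consumes only the empty chunked body and leaves `SMUGGLED` on the connection, where it becomes the prefix of whatever request arrives next on that back-end socket, possibly another user's. The defensive check is the one `isAmbiguouslyFramed` performs: a proxy should refuse, or normalise to a single framing header, before forwarding.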

June 30, 2020

The State of Open Source Security 2020

This report sheds light on the current security posture of open source software and reflects on security concerns, trends in vulnerabilities across packages and container images, and also examines the practices employed by maintainers and organizations in securing their software.

June 24, 2020

Regular Expression Denial-of-Service in websocket-extensions

Welcome to the newest Snyk blog series! In this monthly series, Snyk looks back on the vulnerabilities discovered by or reported to our research team. We choose one noteworthy vulnerability from the past month and tell the story behind the discovery, research, and disclosure of the vulnerability. We highlight the researchers, developers, and users who are helping identify and remediate vulnerabilities across the open source community.

June 22, 2020