Application Security

Want to impress your boss with your security knowledge? Stay up to date by learning why application security is important and how you can improve.

Shifting responsibly left with the enhanced Snyk security gating on pull requests

We’re pleased to announce we’ve enhanced Snyk’s security and license testing for pull requests to better support shift-left security and secure development workflows! Pull requests are the backbone of GitHub-based development workflows, making it easier to collaborate on projects. Individual contributors can share changes they’ve pushed to a branch in a repository, discuss them with […]

March 31, 2020

Secure development when working from home — tips and tricks

Secure development while remote. As we brace ourselves for an extended period of working from home, we need to re-evaluate various ways of working – and security is no exception. Remote collaboration, which is new to many, may require some changes to your security practices or priorities. And so, here are a few suggestions of […]

March 30, 2020

Exploring the minimist prototype pollution security vulnerability

On March 11th, 2020, Snyk published a medium severity prototype pollution security vulnerability (CVE-2020-7598) affecting the minimist npm package. This is part of ongoing research by the Snyk security research team, which had previously uncovered similar vulnerabilities in other high-profile JavaScript libraries such as lodash and jQuery. The current research by the Snyk team […]

March 26, 2020

Django security tips

Lucky you, you user of the web framework for perfectionists with deadlines (AKA Django). The Django team has put a lot of thought into their security practice (find security features in their documentation and their security policy is interesting too). We have summarized some of the best tips to keep your Django project secure. Download […]

March 24, 2020

What is a backdoor? Let’s build one with Node.js

A backdoor in our code that can perform OS command injection is one of the scariest scenarios ever. Currently, npm has more than 1.2M public packages available. For the last 3 years, our dependencies have become the perfect target for cybercriminals. We saw many new attacks going live, like the typosquatting attack or the event-stream incident, […]

March 19, 2020

AngularJS Security Fundamentals

In this AngularJS security best practices cheatsheet, we focus on AngularJS and discuss tips and guidelines that ensure secure coding practices. In essence, this cheatsheet is a collection of AngularJS security fundamentals for web developers. Below are the 10 AngularJS security fundamentals best practices that we cover in this blog post: The “Angular way” safeguards […]

March 17, 2020

How cloud transforms IT security into AppSec

Cloud computing is undoubtedly a seismic shift to the technology world, unlocking efficiencies and innovation like never before. However, it also drove another key change, which isn’t often discussed – cloud has made infrastructure a part of the application. This shift carries significant ramifications for how we practice security. On the whole, security tools and […]

March 12, 2020

Fastify Node.js framework improves JSON security thanks to a security report

On April 9th Francesco Soncina – also known as phra on the HackerOne security bug bounty platform – reported a server-side JavaScript code injection vulnerability to the Node.js Security working group. The report initially identified Fastify, a Node.js web application framework, as the affected target of this security issue. Matteo Collina, one of the maintainers of the […]

March 10, 2020

Popular Python library, urllib3, subject to a denial of service vulnerability

Urllib3, a powerful and popular Python HTTP client, is subject to a newly discovered denial of service vulnerability. Urllib3 is used throughout the Python ecosystem – with more than 1,200 packages listing it as a dependency, including popular packages like requests, selenium, kubernetes, and more. If you have a Python project, there is a high likelihood that […]

March 8, 2020

Snyk partners with the makers of Greenkeeper to help developers proactively maintain dependency health

We’re pleased to announce the graduation of Automatic Dependency Upgrades, a Snyk Open Source capability that helps developers proactively reduce security vulnerabilities and maintain dependency health when using open source software. Automatic Dependency Upgrades is the result of an exciting new partnership between Snyk and Neighbourhoodie Software, the makers of Greenkeeper and developer […]

March 5, 2020

Is your website vulnerable? Let’s fix it!

If you run a website, whether this is a full-fledged SaaS web application or a small blog — built by Gatsby, WordPress, or an indie GitHub Pages setup — one of the key concerns you want to mitigate is security vulnerabilities. Security vulnerabilities in third-party JavaScript libraries are probably one of the topmost security concerns […]

March 4, 2020