Application Security
Want to impress your boss with your security knowledge? Stay up to date by learning why application security is important and how you can improve.
Open Source Vulnerabilities and Security with Microsoft’s Jeff McAffer
As 2019 draws to an end, we are going to be looking back on some great episodes of our podcast The Secure Developer. See the first post here. The Secure Developer podcast is part of our vendor neutral, security education focused community MyDevSecOps. The community, previously also known as The Secure Developer, meets virtually via […]
See Snyk and GitHub in action at GitHub Universe
At Snyk, we are committed to building security tools that help developers shift security left to embrace security and quality as early, easily, and efficiently as possible. With the recent beta release of GitHub Actions, we decided to look at how we could help GitHub users adopt better security controls for DevOps and CI/CD workflows. […]
Angular vs React: the security risk of indirect dependencies
Welcome to Snyk’s State of JavaScript frameworks security report 2019. In this section, we review the security risk of the indirect dependencies for both Angular and React, and then we also review the direct dependencies, first for Angular and then for React. The modules reviewed in this part do not represent a complete list of […]
Comparing React and Angular secure coding practices
Welcome to Snyk’s State of JavaScript frameworks security report 2019. This section of the report is about the overall security posture of the Angular and React projects. In this section, we explore both the Angular and the React project security postures. This includes secure coding conventions, built-in security capabilities, responsible disclosure policies, and dedicated security documentation for […]
JavaScript frameworks security report 2019
Welcome to Snyk's State of JavaScript frameworks security report 2019. In this report, we investigate the state of security for both the Angular and React ecosystems, looking at best practices, secure coding, and security vulnerabilities in React, Angular, and other frontend projects such as Bootstrap, Vue.js, and jQuery. Inside you will find the report in its digital format as a PDF to download and review offline.
84% of all websites are impacted by jQuery XSS vulnerabilities
Welcome to Snyk’s State of JavaScript frameworks security report 2019. In this blog post we’ll review security vulnerabilities found in other frontend ecosystem projects. After reviewing Angular and React as major JavaScript frameworks, we’ll take a brief review of selected JavaScript and CSS frameworks: Vue.js, jQuery and Bootstrap. jQuery security: jQuery took web development by […]
2019 side-by-side comparison of Angular and React security vulnerabilities
Welcome to Snyk’s State of JavaScript frameworks security report 2019. In this section, we review the impact that security vulnerabilities can have by looking at the severity, CVSS scores and more over the years for both Angular and React. Furthermore, we look into the time it takes for the vulnerabilities in each framework to be […]
Angular vs React: security bakeoff 2019
Welcome to Snyk’s State of JavaScript frameworks security report 2019. Let’s begin this report by exploring the different security vulnerabilities found in the core Angular and React projects. We then review the severity breakdown for each of the vulnerabilities and we inspect the differences between the two. Lastly, for both projects, we review the time […]
A recap from our latest PCI webinar, and compliance tips from Deliveroo
Remember our previous blog post on the new PCI standards and how to comply? We recently hosted a webinar to break down what’s important to take away from the latest update, far beyond the fundamentals. During the session, Jim Manico (founder at Manicode) and Adam Thompson, Information Security Officer at Deliveroo shared their insights to […]
A Snyk peek into Node.js and npm’s state of open source security report 2019
In the State of Open Source Security Report 2019, we set out to measure the pulse of the open source security landscape throughout the different language ecosystems and have analyzed responses from over five hundred open source maintainers and users who provided us with insights into their processes and knowledge of open source security risks […]
Why npm lockfiles can be a security blindspot for injecting malicious modules
I recently started playing around with the idea of threat modeling packages on the npm ecosystem. Can an event-stream incident happen again? How about other supply chain attacks? What will be the next vector of attack that we haven’t seen yet and might it be entirely preventable? And then, one day I had a eureka! […]