Ecosystems

Interested in ecosystem-specific posts? We’ve got your back! Read through our posts and learn how security impacts your environment.

3 Jedi-inspired lessons to level up your JavaScript security

You might think of Star Wars as a movie reserved for geeks, but what if I told you that there are deep life lessons that can be applied to developer security practices? Get your lightsaber ready and prepare to dive into JavaScript security!

May 4, 2022

Targeted npm dependency confusion attack caught red-handed

Once in a while we encounter a truly malicious package that has a purpose and means, and is production-ready — this is a story about one found in npm: gxm-reference-web-auth-server.

April 29, 2022

Generating fake security data with Python and faker-security

-security Python package to help anyone working with security data. In this blog post, we’ll briefly go over what this Python package is and how to use it.

April 25, 2022

Why you need a Kubernetes admission controller 

Admission controllers intercept API requests before they pass to the API server and can prohibit or modify them. This applies to most types of Kubernetes requests.

April 25, 2022

5 tips for securing PHP Laravel

A discussion of best practices for securing PHP Laravel, including framework configuration, preventing SQL injection attacks, and managing cookies and sessions.

April 21, 2022

The ultimate guide to Python pickle

This article will teach you how to safely use Python's built-in pickle library to maintain persistence within complex data structures.

April 20, 2022

An unintimidating introduction to the dark arts of C/C++ vulnerabilities

Following the addition of C/C++ security scanning to Snyk Open Source, we discuss some common C/C++ vulnerabilities and ways to mitigate them.

April 15, 2022

Improving GraphQL security with static analysis and Snyk Code

Learn how you can improve your GraphQL security using Snyk Code static analysis to find common and more complex GraphQL vulnerabilities.

April 12, 2022

Spring4Shell extends to Glassfish and Payara: same vulnerability, new exploit

You've heard of Spring4Shell, now learn about similar exploits for Glassfish and Payara that leverage the same issue in Spring, but with a different payload.

April 8, 2022

Getting started with React Native security

Explore React Native security challenges that developers encounter when developing mobile apps, including authentication protocols and dependency vulnerabilities.

April 7, 2022

Snyk Open Source adds C/C++ security scanning for unmanaged dependencies

Announcing the general availability of unmanaged C/C++ security scanning in Snyk Open Source, enabling developers to find and fix known security vulnerabilities.

April 5, 2022