Ecosystems

Interested in ecosystem-specific posts? We’ve got your back! Read through our posts and learn how security impacts your environment.

What is typosquatting and how typosquatting attacks are responsible for malicious modules in npm

You may have heard about malicious packages in a variety of contexts, such as a malicious Docker container or perhaps an open source malicious package in a public registry of one ecosystem or another. Snyk even published extensive research on malware in mobile applications, dubbed SourMint. We reviewed some of these security incidents in the […]

January 12, 2021

Securing your Kubernetes application development with Snyk and Tilt

Developing Kubernetes applications can be hard. We’re often dealing with microservice architectures with a lot of moving parts, along with developing the cluster configuration to hook them all together, and workflows for rapid iteration and testing can become convoluted and hard for engineering teams to manage. This is where tools like Tilt come in. Tilt […]

January 11, 2021

2020 Q4 in review—iOS remote code execution, developer-first SAST, and more

In this fourth installment of the Snyk Blog year in review, we’ll be covering some of our key announcements and news that hit the blog in October, November, and December, rounding off a year of content. Previously, we’ve highlighted three posts in each quarter, ranging from Angular best practices to two rounds of funding and […]

December 31, 2020

2020 Q3 in review—Snyk & DeepCode, Angular security best practices, and more

We’re up to July, August, and September now in our blog series that looks back at our year of posts and picks out some of the highlights from each quarter. Previously, we wrote about the first and second quarters, looking back at a round of funding for Snyk, as well as the JVM ecosystem […]

December 30, 2020

2020 Q2 in review—State of Open Source Security report, DevSecOps Hub, and more

Yesterday, we looked back at some of the blog posts we published back in January, February, and March of 2020. You remember, that time we were able to travel and hug each other, meet up carefree in bars and offices, and be social without having to use Zoom! Well, in this post, we look at […]

December 29, 2020

2020 Q1 in review—JVM ecosystem report, DevSecOps insights, and more

Welcome to the first of four posts in which we take a look back at all the highlights we have shared across the Snyk blog across 2020. Each of the four blog posts will pick three top highlights for each quarter of 2020, as well as any honorable mentions we add along the way. Picking just […]

December 28, 2020

Golang security: access restriction bypass vulnerability in JWT

Back in July, the Snyk security team was alerted about a potential security issue in the JWT package. This package provides a Go implementation of JSON Web Tokens, and the issue that was discovered related to a function called VerifyAudience that was not working as expected. The function allowed passing a pair of double quotes (“”) as the value […]

December 22, 2020

Blazing the trail for cloud native application security

2020 was an incredibly challenging year for all of us, but with the dawn of a new year just over the horizon, it’s as good an opportunity as any to take a few moments to appreciate the work done by our engineering and product teams. Hard work that was executed under difficult and strenuous circumstances and […]

December 21, 2020

Serialization and deserialization in Java: explaining the Java deserialize vulnerability

Java serialization is a mechanism to transform an object into a byte stream. Java deserialization is exactly the other way around and allows us to recreate an object from a byte stream. Java serialization—and more specifically deserialization in Java—is also known as “the gift that keeps on giving”. This relates to the many security issues […]

December 18, 2020

Security concerns of third-party JavaScript scripts

In their web security talk at SnykCon 2020, Liran Tal and Eric Graham discussed frontend security considerations regarding the frontend attack surface. They portrayed the risks stemming from security vulnerabilities found in third-party dependencies, and then continued to broaden the potential security risk through marketing-added third-party scripts such as Google’s Tag Manager. […]

December 17, 2020

Go security: announcing enhanced security for Go applications

We’re happy to announce enhanced support for Go security in Snyk Open Source and Snyk Container, enabling development and security teams to find and fix vulnerabilities in their Go applications more efficiently! Go developers can now test and monitor their Go projects across the different stages of the SDLC—starting as far left as their first […]

December 16, 2020