SQL injection cheat sheet: 8 best practices to prevent SQL injection attacks

SQL injection is one of the most dangerous vulnerabilities for online applications. It occurs when untrusted user input, for instance from a web form, is added to a database query. If SQL injection is possible, smart attackers can craft user input to steal valuable data, bypass authentication, or corrupt the records in your […]

March 26, 2021

Developer Driven Workflows – Dockerfile & image scanning, prioritization, and remediation

When deploying applications in containers, developers are now having to take on responsibilities related to operating system level security concerns. Often, these are unfamiliar topics that, in many cases, had previously been handled by operations and security teams. While this new domain can seem daunting, there are various tools and practices that you can incorporate […]

March 25, 2021

Defining Developer-first Container Security

Have you shifted left, yet? That’s the big trend, isn’t it? It’s meant to signal a movement of security responsibilities, moving from central IT teams over to developers, but that’s trickier than it sounds. Simply taking tools that are intended for use by security experts and making them run earlier in the supply chain does […]

March 16, 2021

Automate container security with Dockerfile pull requests

Integration with your source code managers and issuing pull requests to fix issues has been part of Snyk’s success in helping our customers fix application dependencies for several years. Now, we want to help you address container security in a similar way. We’re happy to share that we are extending Snyk Container by helping you […]

March 16, 2021

Docker Hub Authentication: Is 2021 the year you enable 2FA on Docker Hub?

Judging by the reactions I saw in the audience during my past talks on “Securing Containers By Breaking In”, as well as recent reactions on Twitter, not many know about Docker Hub’s fairly recent multi-factor authentication feature. In October 2019, in order to improve the Docker Hub authentication mechanism, Docker rolled out a beta release […]

March 15, 2021

Solving Java security issues in my Spring MVC application

The Spring MVC framework is a well-known Java framework to build interactive web applications. It implements the Model-View-Controller architecture pattern to separate the different aspects of your application. Separating the different logic elements like representation logic, input logic, and business logic is generally considered good architectural practice. This separation of concerns, when implemented correctly, provides […]

March 15, 2021

How I was hacking docker containers by exploiting ImageMagick vulnerabilities

What if I told you that using vulnerable Docker images can put you at significant and imminent risk of a command injection vulnerability that lets an attacker compromise any container built from that vulnerable image? In this article, I’ll take you through a step-by-step process of container hacking, in which we will exploit a Node.js-based web […]

March 11, 2021

Snyk Expands Into Asia Pacific Japan

At the beginning of 2021, I noted that Snyk was ready to soar. And soar we have…the rocket ship’s next stop? Asia Pacific and Japan (APJ). I would like to welcome Shaun McLagan, our new Vice President of APJ Sales, and our new partners Temasek, an investment company headquartered in Singapore, and Geodesic Capital, a […]

March 11, 2021

10 Kubernetes Security Context settings you should understand

Securely running workloads in Kubernetes can be difficult. Many different settings impact security throughout the Kubernetes API, requiring significant knowledge to implement correctly. One of the most powerful tools Kubernetes provides in this area is the securityContext settings that every Pod and Container manifest can leverage. In this cheatsheet, we will take a look at […]

March 9, 2021

Snyk’s new vulnerability cards – fix issues fast with a new look and feel

One of our missions at Snyk is a simple one: help developers fix things easily. We further our mission by releasing features and improvements as quickly as possible, but it’s also just as important that developers have an experience which helps them gain as much value from Snyk as possible. This includes being able to […]

March 2, 2021

SolarWinds Orion Security Breach: A Shift In The Software Supply Chain Paradigm

The recent SolarWinds breach highlights a new paradigm in the Software Supply Chain. When compared simply to the code itself without any additional tools, Proprietary Code is no more secure than Open Source. By contrast, many would argue that Open Source Code is more secure due to a faster fix/patch/update cycle and the pervasive access […]

March 1, 2021