March in review: State of Open Source Security survey, All.The.Talks virtual conference, and more

We are wrapping up this month and we present to you the most interesting highlights and security news from March 2020, including All.The.Talks — a new virtual community conference — the launch of the State of Open Source Security survey, and several product updates from Snyk. Security news Our State of Open Source Security survey […]

March 31, 2020

Shifting responsibly left with the enhanced Snyk security gating on pull requests

We’re pleased to announce we’ve enhanced Snyk’s security and license testing for pull requests to better support shift-left security and secure development workflows! Pull requests are the backbone of GitHub-based development workflows, making it easier to collaborate on projects. Individual contributors can share changes they’ve pushed to a branch in a repository, discuss them with […]

March 31, 2020

Secure development when working from home — tips and tricks

Secure development while remote. As we brace ourselves for an extended period of working from home, we need to re-evaluate various ways of working – and security is no exception. Remote collaboration, which is new to many, may require some changes to your security practices or priorities. And so, here are a few suggestions of […]

March 30, 2020

Using UBI images to minimize container vulnerabilities

At Snyk, we work hard to continue improving container and cloud-native security solutions. As part of this effort, Snyk Container empowers developers to fully own the security of their container images. One common source of vulnerabilities in containers is the base image that is pulled in as the foundation for creating your own custom images. […]

March 27, 2020

Top 5 reasons why everyone should be using an open source vulnerability scanner

Cybercrime is on the mind of every business — from the largest enterprise to small and mid-sized companies that may have limited technical expertise. Minimizing risk and controlling vulnerability must start from the very beginning of website development. Cybercrime resulted in business losses exceeding $2 trillion in 2019 alone. Much of this loss involved small […]

March 26, 2020

Exploring the minimist prototype pollution security vulnerability

On March 11th, 2020, Snyk published a medium severity prototype pollution security vulnerability (CVE-2020-7598) affecting the minimist npm package. This is part of ongoing research by the Snyk security research team, which had previously uncovered similar vulnerabilities in other high-profile JavaScript libraries such as lodash and jQuery. The current research by the Snyk team […]

March 26, 2020

The State of Open Source Security Survey – 2020

Snyk is currently building our annual State of Open Source Security report and we want to hear from you! Complete this brief survey to help guide our research.

March 25, 2020

Django security tips

Lucky you, you user of the web framework for perfectionists with deadlines (AKA Django). The Django team has put a lot of thought into their security practice (find security features in their documentation and their security policy is interesting too). We have summarized some of the best tips to keep your Django project secure. Download […]

March 24, 2020

Examining Gartner’s 12 Things to Get Right for Successful DevSecOps

“Integrating security into DevOps to deliver DevSecOps demands changed mindsets, processes, and technologies. Security and risk management leaders must adhere to the collaborative, agile nature of DevOps for security testing to be seamless in development, making the “Sec” in DevSecOps transparent.” According to the Gartner report, DevSecOps quickly became one of the fastest-growing areas of […]

March 24, 2020

What is a backdoor? Let’s build one with Node.js

A backdoor in our code that can perform OS injection is one of the scariest scenarios ever. Currently, npm has more than 1.2M public packages available. For the last 3 years, our dependencies have become the perfect target for cybercriminals. We saw many new attacks going live, like typosquatting attacks or the event-stream incident, […]

March 19, 2020

AngularJS Security Fundamentals

In this AngularJS security best practices cheatsheet, we focus on AngularJS and discuss tips and guidelines that ensure secure coding practices. In essence, this cheatsheet is a collection of AngularJS security fundamentals for web developers. Below are the 10 AngularJS security fundamentals best practices that we cover in this blog post: The “Angular way” safeguards […]

March 17, 2020