JavaScript and Node.js Security – The Common Pitfalls
In this edited-down video from the JSKongress conference, Guy Podjarny live hacks a Node.js application to exploit vulnerabilities in real-world packages, and explains where some of the most common JS security pitfalls lie.
Attacking an FTP Client: MGETting more than you bargained for
Snyk identified and responsibly disclosed a directory traversal vulnerability in FTP clients, triggered when the client connects to a malicious server. This post contains the full details of the vulnerability and what you can do to avoid it.
Snyk is Now Integrated with Chrome’s Lighthouse
Today we have another exciting announcement: Snyk is now powering the brand-new vulnerable JavaScript libraries audit in Google Chrome’s Lighthouse, the auditing tool built by the Google Chrome team that checks how performant, accessible and secure your site is.
Tailoring your notifications
The most common way for Snyk users to find out that they have an issue in their project is via our email alerts. It’s a core part of our service, but until recently, we didn’t have much in the way of configuration around what types of issues would trigger an email alert. As we scale our language support, enabling you to monitor more projects in Snyk, we want you to feel better informed about the types of issues that matter to you, while making less noise about the issues that don’t.
DigitalOcean Used Snyk to Resolve a Critical Ruby Gem Vulnerability in a Single Day
DigitalOcean found and fixed a critical vulnerability within one day of disclosure using Snyk's automated remediation system.
How Comic Relief’s developers used Snyk to automate security and boost productivity as part of their Digital Transformation.
Comic Relief integrated Snyk into their Concourse CI serverless deployment pipeline, which allows even the most junior developers to use open source securely by remediating vulnerable libraries before they reach production.
Snyk $7M Series A – and a huge thanks!
I'm excited to announce our $7M Series A, and feel this is a great opportunity to say thanks!
Introducing Groups – a new way to manage your teams in Snyk
We’ve just launched a new feature for our Pro and Enterprise Plan customers that adds an additional layer of hierarchy to make it possible to split your organisation in Snyk into teams, who can manage different projects. This has been a popular request from our customers and we’ve been building and refining it for months. We’re very excited to now be able to offer it.
Suppressing issues in Snyk
Ignoring security issues shouldn't be the default action, but it is sometimes necessary. Snyk only reports known vulnerabilities in dependencies that are actually present in your project, so it has a relatively low false-positive rate (which should reduce the need to ignore), but there are still reasons why you may wish to suppress an issue.
What’s a known vulnerability?
A vulnerability is a vulnerability, whether known or not. The key difference between the two is how likely an attacker is to be aware of it, and therefore to try to exploit it.
We’ll know DevSecOps has won once it’s dead
You can't go to a security event nowadays and not hear at least a few speakers say the phrase "DevSecOps". The term has turned into a rallying cry for an approach that automates security throughout the development process. But in order for DevSecOps to succeed, it will first have to die.