Snyk blog

Sign up for the Snyk Monthly Newsletter

All articles
Fixing SQL Injection: ORM is not enough
Vulnerabilities

Fixing SQL Injection: ORM is not enough

Using a programmable SQL interface such as an ORM (Object Relational Mapping) is a good way to reduce risk of ...

Guy Podjarny
June 8, 2016
https://snyk.io/wp-content/uploads/blog-post-default.png
DevSecOps

5 Ways to Get Node.js Vulnerability Alerts

Here at Snyk, we maintain a database of known vulnerabilities in Node.js and front-end npm packages, called Vulnerability DB (also ...

Guy Podjarny
June 2, 2016
https://snyk.io/wp-content/uploads/blog-post-default.png
Vulnerabilities

Fixing `marked` XSS vulnerability

A recently published vulnerability in the npm `marked` package shows how attackers can use the flexibility of the Markdown format ...

Guy Podjarny
May 16, 2016
https://snyk.io/wp-content/uploads/blog-post-default.png
Ecosystems

Mitigating ImageMagick vulnerabilities in Node.js

Multiple severe and trivially exploited vulnerabilities in ImageMagick were disclosed earlier this week, and are known to be exploited in ...

Guy Podjarny
May 6, 2016
https://snyk.io/wp-content/uploads/blog-post-default.png
Product

Free vulnerability testing and monitoring for public GitHub projects

We are pleased to offer a free service from Snyk that lets anyone test for vulnerabilities – and then monitor ...

Johanna Kollmann
Johanna Kollmann
April 20, 2016
https://snyk.io/wp-content/uploads/blog-post-default.png
Application Security

Exploiting Buffer

Hidden between the wonders of Node lies a ticking bomb by the name of Buffer. If handled incorrectly, this risky ...

Guy Podjarny
April 5, 2016
https://snyk.io/wp-content/uploads/blog-post-default.png
Application Security

How to prevent malicious packages

Last week, CERT alerted users to the risk of publishing or consuming a malicious npm package. This important risk is ...

Guy Podjarny
March 27, 2016
https://snyk.io/wp-content/uploads/blog-post-default.png
Ecosystems

Tackling the new npm@3 dependency tree

Until recently Snyk’s CLI tool only supported npm@2. That all changed when we released snyk@1.9.0 and added full support for ...

Remy Sharp
Remy Sharp
February 25, 2016
https://snyk.io/wp-content/uploads/blog-post-default.png
Ecosystems

Using Node.js Event Loop for Timing Attacks

A little over 3 years ago, a few friends and I started a group called pasten to participate in the ...

Danny Grander
Danny Grander
February 16, 2016
Next