Snyk is available on the GOV.UK Digital Marketplace!
Snyk Enterprise is now available on the UK government G-Cloud digital marketplace! Government services can now easily use Snyk to protect their applications against known vulnerabilities in their dependencies—an increasingly important consideration.
The other week, ransomware infected roughly a quarter of a million systems in over 150 countries. The WannaCry attack, as it was dubbed, was yet another example in the recent flood of ransomware attacks where data is either removed or encrypted, replaced with a ransom note requiring payment. WannaCry took advantage of a vulnerability on certain versions of Windows that enabled it to gain control over a system and trigger the attack. Among the more notable targets was Britain’s National Health Service (NHS)—resulting in canceled surgeries and other disruptions.
Most of the attention has been given to the ransomware itself—where it came from and who conducted the attack. Why it worked is much less interesting, because it’s much more typical. The vulnerabilities had been patched a good while earlier, but the infected systems had never applied the updates. For the NHS, it was a conscious decision not to pay for the necessary upgrades.
We’ve seen this in many forms over the years—unpatched and out-of-date software, on server or client machines, leaves companies and individuals exposed. As vulnerabilities are discovered and disclosed, they become a popular point of attack: they’re well documented and widely spread.
This issue isn’t confined to operating systems. It also impacts any code you are pulling into your sites and applications. In May alone, we’ve added over 120 known vulnerabilities to our open-source database. Each one presents a potential chink in your digital armor—a potential path for attackers to exploit.
But unlike the software upgrades that would have protected services from the WannaCry attack, the updates that fix these vulnerabilities are freely available if you know where to look and how to apply them. That’s where Snyk comes in. Government services can now use Snyk to test and monitor their applications, alerting them to any known vulnerabilities, and even fixing the vulnerabilities with a GitHub pull request or terminal command.
To get started using Snyk for your government projects, check out the official listing on the GOV.UK Digital Marketplace, or simply go ahead and test your repos!