Articles

Getting started with JavaScript static analysis

Static analysis tools are a must-have for JavaScript developers. They automatically scan your code for errors, security vulnerabilities, and formatting issues. This helps you write better code faster and improve your overall development process.

How Snyk Helps with the OWASP Software Assurance Maturity Model

Read how the OWASP Software Assurance Maturity Model (SAMM) and Snyk can work together to provide an effective approach to measuring, managing, and improving your software security. Learn about the key benefits, practical implementation steps, and the specific tools offered by Snyk to support your organization's security journey.

JavaScript Static Analysis with ESLint and Biome

Biome, a new tool in the JavaScript ecosystem, combines code formatting and quality linting. It offers speed and performance advantages over traditional tools like ESLint and Prettier, making it a compelling alternative. With its integration into development environments like VS Code and potential adoption by major projects, Biome is poised to reshape the way JavaScript developers approach code quality and formatting.

Oops I built a feature and created an Open Redirect Vulnerability in a Deno app

Build your first Deno web application with a step-by-step guide. Learn how to implement a redirect feature while avoiding common security pitfalls like open redirect vulnerabilities. Secure your Deno app with best practices and discover how to set up a Deno development environment in GitHub Codespaces.

Getting started with Practical Rego

Read this guide introducing Rego, a declarative policy language, for programmers familiar with imperative languages like Python or Java. It covers key concepts, common pitfalls, and best practices for writing effective Rego policies.

Improving your Java application with Records

Java Records revolutionizes the way you create data-centric classes in Java, offering a concise and secure approach. Embrace Java Records and unlock efficient and maintainable Java development.

How to respond to a newly discovered vulnerability

Learn how to effectively respond to newly discovered vulnerabilities with a structured approach using the Vulnerability Management Cycle. Discover the importance of tools like Snyk for centralizing, analyzing, and remediating vulnerabilities across your software development lifecycle.

Python Pickle Poisoning and Backdooring Pth Files

Discover the security risks of Python's pickle module and learn how malicious code can exploit PyTorch .pth files. Explore practical examples, safeguards like safetensors, and tips for secure machine learning workflows.

How to avoid SSRF vulnerability in Go applications

In this article, learn how SSRF vulnerabilities manifest in Go applications, and how developers can implement effective security measures to protect their applications and data.

Securing a Java Spring Boot API from broken JSONObject serialization CVE-2023-5072

This article explains how a critical vulnerability (CVE-2023-5072) in JSONObject library can lead to denial-of-service attacks on Spring Boot Java applications and provides steps to mitigate the risk.

Docker Security - Challenges & Best Practice

Docker security is the practice of protecting containers, applications, host systems, and anything else related to Docker. Learn more with our full guide.

AWS security: Complete guide to Amazon cloud security

What is AWS security? How secure is AWS? Explore Snyk’s top tips to help you secure your AWS deployments, and maintain visibility of your AWS resources in development and production.

Top 10 Node.js Security Best Practices

Read about five major Node.js security risks and the top ten best practices you can implement to address them and stay secure while building applications.

Java Security Explained

Learn about the basics of cybersecurity in the Java Security ecosystem, including cryptography, application authentication, and more.

Threat Intelligence Lifecycle | Phases & Best Practices Explained

Learn about the different phases of the threat intelligence lifecycle, as well as best practices for each phase.

What is technical due diligence (TDD)?

Technical due diligence is an in-depth analysis of the state of a company from a technical perspective, including its products, infrastructure, and more.

Everything You Need to Know to Get Started With Container Security

Read about the basics of container security across ecosystems and how to secure your container from build to runtime. Learn essential terminology and have your questions answered.

Three Steps to Container Image Security

Follow our practical guide to container security, developed in partnership with Docker. 3 Essential steps to run your containers securely.

Web Application Security Explained: Risks & Nine Best Practices

It’s vital for Developers to have knowledge of web application security so they can secure web apps as they’re developed, reducing the burden on security teams.

What is container orchestration?

Orchestration refers to automating container deployment, operations, and lifecycle management. This approach automates how we provision, deploy, scale, monitor, replace, and manage storage for our running containers.