Articles

Cycle de développement logiciel sécurisé (SDLC sécurisé)

Learn more about Secure Software Development Lifecycle (SSDLC), and how to integrate security at every stage of the SDLC to enhance software integrity and protect against vulnerabilities.

Top 10 Node.js Security Best Practices

Read about five major Node.js security risks and the top ten best practices you can implement to address them and stay secure while building applications.

Understanding Server-Side Template Injection in Golang

SSTI can open the door to escalating security risks such as file inclusion, Cross-Site Scripting (XSS), or even Code Injection Attacks.

Can Machine Learning Find Path Traversal Vulnerabilities in Go? Snyk Code Can!

Explore how Snyk’s machine learning-powered security tools tackle path traversal vulnerabilities in Golang code. Learn how to secure your Go applications and challenge yourself to detect and exploit vulnerabilities like a pro!

Is TypeScript All We Need for Application Security?

What are the security controls and fallacies in TypeScript security? Securing TypeScript applications involves a multi-layered approach.

The Importance of Policy as Code in Your Compliance Strategy 

Learn why compliance as code should become a key part of your overall security strategy, enabling security at scale based on automated Policy as Code rules.

Security Risks with Python Package Naming Convention: Typosquatting and Beyond

Beware of typosquatting and misleading Python package names—one small mistake in pip install can expose your system to backdoors, trojans, and malicious code. Learn how attackers exploit package naming conventions and discover best practices to secure your open-source supply chain.

Path Traversal Vulnerability in Deep Java Library (DJL) and Its Impact on Java AI Development

A newly discovered path traversal vulnerability (CVE-2025-0851) in Deep Java Library (DJL) could allow attackers to manipulate file paths, exposing Java AI applications to security risks. Learn how this flaw impacts DJL users and how updating to version 0.31.1 mitigates the threat.

How to Secure Your GitHub Actions Workflows with Snyk to Enhance JavaScript Security

Snyk provides a pre-built custom Snyk GitHub Actions workflow that you can add to your CI and saves you the trouble of managing the vulnerability scans using the Snyk CLI directly.

API Security Testing: How to test your API security

API or application programming interface helps applications communicate with each other. Learn how to keep your API's secure with API security testing.

Getting Started with Capture the Flag

If you're new to CTFs or looking to sharpen your skills, understanding how they work is key to success. This article breaks down the importance of CTFs in cybersecurity—how they help you develop critical security skills, understand real-world vulnerabilities, and improve your ability to defend systems effectively.

How to Prepare for Tomorrow’s Zero-Day Vulnerabilities Today

Zero-day vulnerabilities are all too common in today’s applications. Learn how to identify and fix zero-day vulnerabilities proactively with a developer-first approach to security.

How to Install Python on macOS

Learn how to install Python on macOS step by step. This easy guide covers downloading, installing, and setting up Python on your Mac for beginners and developers.

5 Key Learnings on How to Get Started in DevSecOps

During DevSecCon’s recent community call on How to Get Started in DevSecOps, security experts from the DevSecCon community shared actionable advice, practical steps, and insights for navigating this critical field. Here are the top five takeaways from this call.

Tests de sécurité des applications statiques (SAST)

Découvrez les tests de sécurité des applications statiques (SAST), leurs avantages et leurs inconvénients, et leur intérêt dans la sécurisation de votre code source.

Malware in LLM Python Package Supply Chains

The gptplus and claudeai-eng supply chain attack represents a sophisticated malware campaign that remained active and undetected on PyPI for an extended period. These malicious packages posed as legitimate tools for interacting with popular AI language models (ChatGPT and Claude) while secretly executing data exfiltration and system compromise operations.

Understanding SOC 2 Audits: Checklist & Process

A SOC 2 audit can give your organization a competitive advantage. But what does the audit entail? Here’s A 4-step SOC 2 Audit checklist.

Risk-Based Vulnerability Management (RBVM): What is it & how to implement

Risk-based vulnerability management (RBVM) is a relatively new AppSec practice that empowers organizations to see their risk in context and prioritize the most critical fixes.

Tensor Steganography and AI Cybersecurity

Tensor steganography exploits two key characteristics of deep learning models: the massive number of parameters (weights) in neural networks and the inherent imprecision of floating-point numbers. Learn about this novel technique that combines traditional steganography principles with deep-learning model structures.

Sécurité du cloud - Un maillon incontournable de la cybersécurité

Les fournisseurs de clouds publics donnent la priorité à la sécurité, car leur modèle économique leur impose de conserver la confiance du grand public. Pour autant, le cloud signe aussi la disparition du périmètre de l’infrastructure informatique sur site traditionnelle.