Articles

Stay informed on security insights and best practices from Snyk’s leading experts.

Showing 1 - 20 of 176 articles

Understanding Server-Side Template Injection in Golang

SSTI can open the door to escalating security risks such as file inclusion, Cross-Site Scripting (XSS), or even Code Injection Attacks.

OpenCart vulnerability research (v4.0.2.3/3.0.3.9)

Discover the security vulnerabilities in OpenCart's admin and customer functionalities, including XSS, Zip Slip, and SQL Injection exploits. Learn how these flaws impact e-commerce systems and how attackers can exploit them for remote code execution.

Top 10 Node.js Security Best Practices

Read about five major Node.js security risks and the top ten best practices you can implement to address them and stay secure while building applications.

Secure Software Development Lifecycle (SSDLC)

Learn more about Secure Software Development Lifecycle (SSDLC), and how to integrate security at every stage of the SDLC to enhance software integrity and protect against vulnerabilities.

Apache License 2.0 Explained

Learn more about the Apache License 2.0 uses, benefits, and requirements for use in your open source projects while maintaining compliance.

What Is the MIT License?

Learn more about the MIT License, one of the simplest open source license agreements, and integrate license compliance into your existing workflows.

Software Development Life Cycle (SDLC): Phases and Methodologies

Learn more about SDLC (Software Development Life Cycle) phases and methodologies that define the entire software development procedure step-by-step.

What is CI/CD? CI/CD pipeline and tools explained

Learn more about CI/CD continuous integration and continuous delivery, CI/CD pipeline, and framework. CI/CD as the foundation for DevSecOps.

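Vulnerability Scanners: What They Are and How They Work

Learn more about the types and classifications of vulnerability scanners, how they work, and how to choose a scanner in 2023.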

Vulnerability Assessment: Tools and Steps to Improve Security Posture

Learn more about vulnerability assessment to stay secure and efficiently evaluate the state of security weaknesses and flaws in your systems and environments.

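The Complete Guide to Application Security

Application security is defined as the actions taken throughout the application development lifecycle to reduce vulnerabilities, improve security, and protect sensitive data.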

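Cloud Security: Essential to Cybersecurity

Public cloud providers prioritize security because their business model requires them to maintain public trust, but the perimeters that confined traditional on-site IT infrastructure do not exist in the cloud.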

Security Champions Overview

Security champions are developers with an interest in security and a home in development. They are the interface between two teams that have traditionally been siloed. Let’s take a look at some of the benefits any organization can gain from these programs.

How to Write Secure Go Code

Learn how to write secure code in Go and protect your applications from vulnerabilities like SQL injection and SSRF. Discover best practices for Go development and how Snyk Code can help you identify and fix security issues effortlessly.

Product Security vs. Application Security: What’s the Difference?

Discover the differences between product and application security to build more secure products and applications.

Cloud Security Posture Management Explained

When moving to the cloud, many companies assume that cloud providers such as Amazon Web Services (AWS), Google Cloud, and Microsoft Azure bear all responsibility for cloud security.

Enterprise security: How to stay secure at enterprise scale

Enterprise security is the use of technologies, practices, and processes to protect digital assets, systems, and data from threats and vulnerabilities.

The shared responsibility model for cloud security

Cloud security is a shared responsibility between cloud providers and customers.

SOC 2 Cloud Compliance Guide

What is SOC 2 and why is it important for your organization? Follow our steps to bring your cloud environments into SOC 2 compliance.

DevSecOps Program Success

Improving secure development is a journey that takes time, and starts with getting visibility into the existing security processes and practices that are done by each team today. If this isn’t done in an empathetic way, this process can be perceived as a reaction to development shortcomings. When others think there’s blame or judgment, it’s easy to get defensive responses.