
Resources

Featured
Report

2024 State of Open Source Security Report


Reading list

Buyers guide

Future-proof your development: The SAST/SCA buyer’s guide for the AI era

White paper

DevSecOps is Dead…or is it?

White paper

Discover the path to trusted software


Article

Golang SQL Injection By Example

Learn how to prevent SQL injection in Golang applications by using prepared statements and parameterized queries and leveraging tools like Snyk for vulnerability detection.

White Paper

Scaling Application Security for GenAI with Snyk and Deloitte

Blog

Did you make the *security* naughty or nice list this year?

Is your team on the naughty or nice list? Read on to see if your security practices make the cut this holiday season.

Article

Securing the software supply chain with AI

Discover how AI is both a threat and a solution for securing software supply chains. Learn about emerging AI attack vectors, AI-powered defenses, AIBOMs, and how Snyk can help.

Article

Don’t Get Too Comfortable: Hacking ComfyUI Through Custom Nodes

This research focuses on ComfyUI, a popular stable diffusion platform with over 1,300 custom node extensions available. Through real-world examples, we demonstrate how even seemingly minor vulnerabilities in custom nodes can lead to full server compromise and explore practical strategies for securing applications that rely on third-party plugin ecosystems to minimize these risks.

Article

Securing a Java Spring Boot API from broken JSONObject serialization CVE-2023-5072

This article explains how a critical vulnerability (CVE-2023-5072) in JSONObject library can lead to denial-of-service attacks on Spring Boot Java applications and provides steps to mitigate the risk.

Article

Remote Code Execution with Spring Boot 3.4.0 Properties

This article introduces two methods for leveraging Logback configuration to achieve Remote Code Execution (RCE) in Spring Boot applications. These techniques are effective on the latest version of Spring Boot, with the second approach requiring no additional dependencies.

Article

How to avoid SSRF vulnerability in Go applications

In this article, learn how SSRF vulnerabilities manifest in Go applications, and how developers can implement effective security measures to protect their applications and data.

Report

2024 State of Open Source Security Report

Article

Python Pickle Poisoning and Backdooring Pth Files

Discover the security risks of Python's pickle module and learn how malicious code can exploit PyTorch .pth files. Explore practical examples, safeguards like safetensors, and tips for secure machine learning workflows.

Article

Vulnerabilities in Deep Learning File Formats

While pickle is a common way to store neural network weights, it can be vulnerable to attacks if downloaded from untrusted sources. Safer alternatives like SafeTensors only store raw data and prevent malicious code execution.

Article

Hijacking OAuth flows via Cookie Tossing

Learn about Cookie Tossing attacks, a rarely explored technique to hijack OAuth flows and enable account takeovers at Identity Providers (IdPs). Discover its implications, real-world examples, and how to safeguard applications using the Host cookie prefix.