Recursos

Cybersecurity audit types explained

Learn the different types of security audits, when you should use each of them, and where to integrate audits into existing security pipelines.

Everything you need to know about Container Runtime Security

In this article you will find everything you need to know about container runtime security, including how to keep your container images secure.

Securing a Java Spring Boot API from broken JSONObject serialization CVE-2023-5072

This article explains how a critical vulnerability (CVE-2023-5072) in JSONObject library can lead to denial-of-service attacks on Spring Boot Java applications and provides steps to mitigate the risk.

How to avoid SSRF vulnerability in Go applications

In this article, learn how SSRF vulnerabilities manifest in Go applications, and how developers can implement effective security measures to protect their applications and data.

2024 State of Open Source Security Report

Python Pickle Poisoning and Backdooring Pth Files

Discover the security risks of Python's pickle module and learn how malicious code can exploit PyTorch .pth files. Explore practical examples, safeguards like safetensors, and tips for secure machine learning workflows.

Taming AI Code: Securing Gen AI Development with Snyk

AI generated code is increasing the rate of development, but not without security challenges. Learn how to secure AI generated code.

How to respond to a newly discovered vulnerability

Learn how to effectively respond to newly discovered vulnerabilities with a structured approach using the Vulnerability Management Cycle. Discover the importance of tools like Snyk for centralizing, analyzing, and remediating vulnerabilities across your software development lifecycle.

How does Snyk DCAIF Work under the hood?

Read our technical deep-dive into how Snyk's DCAIF works. To start, with Snyk's Deep Code AI Fix, simply register for a Snyk account here, enable Snyk Agent Fix in your Snyk settings, and start reliably auto-fixing vulnerabilities in seconds.

DevSecOps is Dead…or is it?

Saiba por que o DevSecOps não atendeu às expectativas e descubra uma nova estrutura para alinhar a segurança às metas de desenvolvimento.

The anatomy of a successful DevSecOps program

Our on-demand webinar discussed the state of DevSecOps in 2024.

Improving your Java application with Records

Java Records revolutionizes the way you create data-centric classes in Java, offering a concise and secure approach. Embrace Java Records and unlock efficient and maintainable Java development.

Securing AI-Generated Code in Banking

Getting started with Practical Rego

Read this guide introducing Rego, a declarative policy language, for programmers familiar with imperative languages like Python or Java. It covers key concepts, common pitfalls, and best practices for writing effective Rego policies.

JavaScript Static Analysis with ESLint and Biome

Biome, a new tool in the JavaScript ecosystem, combines code formatting and quality linting. It offers speed and performance advantages over traditional tools like ESLint and Prettier, making it a compelling alternative. With its integration into development environments like VS Code and potential adoption by major projects, Biome is poised to reshape the way JavaScript developers approach code quality and formatting.

Oops I built a feature and created an Open Redirect Vulnerability in a Deno app

Build your first Deno web application with a step-by-step guide. Learn how to implement a redirect feature while avoiding common security pitfalls like open redirect vulnerabilities. Secure your Deno app with best practices and discover how to set up a Deno development environment in GitHub Codespaces.

How Snyk Helps with the OWASP Software Assurance Maturity Model

Read how the OWASP Software Assurance Maturity Model (SAMM) and Snyk can work together to provide an effective approach to measuring, managing, and improving your software security. Learn about the key benefits, practical implementation steps, and the specific tools offered by Snyk to support your organization's security journey.

Unsolved Problems in AppSec

Understanding, Creating & Curating SBOMs

Prioritizing your AppSec Issues

AI Guardrails for AppSec

Snyk in 30: AppSec

Snyk in 30: Supply Chain

Snyk in 30: SAST