Skip to main content

Resources

Featured
Report

Snyk's 2023 AI-Generated Code Security Report

Read now

Reading list

Report

State of Open Source Security 2023 Report

Report

Snyk Customer Value Study Report

Buyers guide

Developer Security Tools Buyer’s Guide

Narrow Your Search

Type

Topic

Reset filters

Showing 1 - 12 of 259 resources

wordpress-sync/Feature-5FoCS1
Article

Securing a Java Spring Boot API from broken JSONObject serialization CVE-2023-5072

This article explains how a critical vulnerability (CVE-2023-5072) in JSONObject library can lead to denial-of-service attacks on Spring Boot Java applications and provides steps to mitigate the risk.

wordpress-sync/blog-feature-snyk-code-green
Article

Remote Code Execution with Spring Boot 3.4.0 Properties

this article introduces two methods for leveraging Logback configuration to achieve Remote Code Execution (RCE) in Spring Boot applications. These techniques are effective on the latest version of Spring Boot, with the second approach requiring no additional dependencies.

Go-Blog-feature
Article

How to avoid SSRF vulnerability in Go applications

In this article, learn how SSRF vulnerabilities manifest in Go applications, and how developers can implement effective security measures to protect their applications and data.

2024 State of Open Source Security Report
Report

2024 State of Open Source Security Report

wordpress-sync/feature-python-linting
Article

Python Pickle Poisoning and Backdooring Pth Files

Discover the security risks of Python's pickle module and learn how malicious code can exploit PyTorch .pth files. Explore practical examples, safeguards like safetensors, and tips for secure machine learning workflows.

blog-feature-cors
Article

Vulnerabilities in Deep Learning File Formats

While pickle is a common way to store neural network weights, it can be vulnerable to attacks if downloaded from untrusted sources. Safer alternatives like SafeTensors only store raw data and prevent malicious code execution.

wordpress-sync/blog-feature-trojan-source-unicode
Article

Hijacking OAUTH flows via Cookie Tossing

Learn about Cookie Tossing attacks, a rarely explored technique to hijack OAuth flows and enable account takeovers at Identity Providers (IdPs). Discover its implications, real-world examples, and how to safeguard applications using the Host cookie prefix.

Taming AI Code: Securing Gen AI Development with Snyk
eBook

Taming AI Code: Securing Gen AI Development with Snyk

AI generated code is increasing the rate of development, but not without security challenges. Learn how to secure AI generated code.

blog-feature-pypi-spoof
Article

How to respond to a newly discovered vulnerability

Learn how to effectively respond to newly discovered vulnerabilities with a structured approach using the Vulnerability Management Cycle. Discover the importance of tools like Snyk for centralizing, analyzing, and remediating vulnerabilities across your software development lifecycle.

blog-feature-ai-green
Article

How does Snyk DCAIF Work under the hood?

Read our technical deep-dive into how Snyk's DCAIF works. To start, with Snyk's Deep Code AI Fix, simply register for a Snyk account here, enable DeepCode AI Fix in your Snyk settings, and start reliably auto-fixing vulnerabilities in seconds.

DevSecOps is Dead…or is it?
White Paper

DevSecOps is Dead…or is it?

Learn why DevSecOps has fallen short and discover a new framework to align security with development goals.

The anatomy of a successful DevSecOps program
Video

The anatomy of a successful DevSecOps program

Our on-demand webinar discussed the state of DevSecOps in 2024.

1234522