Resources

Ebook

5 Critical Capabilities for Progressing Your DevSecOps Program

Report

Why the Fastest Technology Organizations Choose Snyk

Cheat sheet

What You Need to Know About OWASP


Showing 61 - 72 of 281 resources

Article

Software Security Explained

Learn more about software security, proper tools and processes to identify and remediate software bugs. Connection to application security, secure SDLC and more.

Article

Benefits of security analytics

Learn more about security analytics, a proactive security approach that detects advanced security threats with artificial intelligence and machine learning.

Article

White box testing basics: Identifying security risks early in the SDLC

This article will help you to understand what white box testing is, the pros and cons, and techniques for white box testing.

Article

Understanding gray box testing techniques

Learn about what gray box testing is, how to perform gray box testing, the benefits of gray box testing as well as its drawbacks.

Article

Golang SQL Injection By Example

Learn how to prevent SQL injection in Golang applications by using prepared statements and parameterized queries and leveraging tools like Snyk for vulnerability detection.

White Paper

Scaling Application Security for GenAI with Snyk and Deloitte

Article

Securing the software supply chain with AI

Discover how AI is both a threat and a solution for securing software supply chains. Learn about emerging AI attack vectors, AI-powered defenses, AIBOMs, and how Snyk can help.

Article

Don’t Get Too Comfortable: Hacking ComfyUI Through Custom Nodes

This research focuses on ComfyUI, a popular stable diffusion platform with over 1,300 custom node extensions available. Through real-world examples, we demonstrate how even seemingly minor vulnerabilities in custom nodes can lead to full server compromise and explore practical strategies for securing applications that rely on third-party plugin ecosystems to minimize these risks.

Article

Securing a Java Spring Boot API from broken JSONObject serialization CVE-2023-5072

This article explains how a critical vulnerability (CVE-2023-5072) in the JSONObject library can lead to denial-of-service attacks on Spring Boot Java applications and provides steps to mitigate the risk.

Article

Remote Code Execution with Spring Boot 3.4.0 Properties

This article introduces two methods for leveraging Logback configuration to achieve Remote Code Execution (RCE) in Spring Boot applications. These techniques are effective on the latest version of Spring Boot, with the second approach requiring no additional dependencies.

Article

How to avoid SSRF vulnerability in Go applications

In this article, learn how SSRF vulnerabilities manifest in Go applications, and how developers can implement effective security measures to protect their applications and data.

Report

2024 State of Open Source Security Report