Ressourcen

How to Prepare for Tomorrow’s Zero-Day Vulnerabilities Today

Zero-day vulnerabilities are all too common in today’s applications. Learn how to identify and fix zero-day vulnerabilities proactively with a developer-first approach to security.

Securing the software supply chain with AI

Discover how AI is both a threat and a solution for securing software supply chains. Learn about emerging AI attack vectors, AI-powered defenses, AIBOMs, and how Snyk can help.

Cybersecurity audit types explained

Learn the different types of security audits, when you should use each of them, and where to integrate audits into existing security pipelines.

Everything you need to know about Container Runtime Security

In this article you will find everything you need to know about container runtime security, including how to keep your container images secure.

Securing a Java Spring Boot API from broken JSONObject serialization CVE-2023-5072

This article explains how a critical vulnerability (CVE-2023-5072) in JSONObject library can lead to denial-of-service attacks on Spring Boot Java applications and provides steps to mitigate the risk.

Remote Code Execution with Spring Boot 3.4.0 Properties

this article introduces two methods for leveraging Logback configuration to achieve Remote Code Execution (RCE) in Spring Boot applications. These techniques are effective on the latest version of Spring Boot, with the second approach requiring no additional dependencies.

How to avoid SSRF vulnerability in Go applications

In this article, learn how SSRF vulnerabilities manifest in Go applications, and how developers can implement effective security measures to protect their applications and data.

2024 State of Open Source Security Report

Python Pickle Poisoning and Backdooring Pth Files

Discover the security risks of Python's pickle module and learn how malicious code can exploit PyTorch .pth files. Explore practical examples, safeguards like safetensors, and tips for secure machine learning workflows.

Vulnerabilities in Deep Learning File Formats

While pickle is a common way to store neural network weights, it can be vulnerable to attacks if downloaded from untrusted sources. Safer alternatives like SafeTensors only store raw data and prevent malicious code execution.

Hijacking OAUTH flows via Cookie Tossing

Learn about Cookie Tossing attacks, a rarely explored technique to hijack OAuth flows and enable account takeovers at Identity Providers (IdPs). Discover its implications, real-world examples, and how to safeguard applications using the Host cookie prefix.

Taming AI Code: Securing Gen AI Development with Snyk

AI generated code is increasing the rate of development, but not without security challenges. Learn how to secure AI generated code.