リソース

クラウドコンプライアンスの解説

クラウドコンプライアンスとは何でしょうか。ベストプラクティスに従いながら、クラウド環境をさまざまな基準や統制に合わせるにはどうしたらいいでしょうか。

Guide to Software Composition Analysis: 5 key challenges of SCA

The code driving many—in fact, most—applications today includes open source components.

What is ASPM? (Application Security Posture Management)

Application security posture management (ASPM) overview - Learn how to strengthen app security using holistic visibility, automation & robust security measures.

The Importance of Policy as Code in Your Compliance Strategy 

Learn why compliance as code should become a key part of your overall security strategy, enabling security at scale based on automated Policy as Code rules.

OpenCart Vulnerability Research (v4.0.2.3/3.0.3.9)

Discover the security vulnerabilities in OpenCart's admin and customer functionalities, including XSS, Zip Slip, and SQL Injection exploits. Learn how these flaws impact e-commerce systems and how attackers can exploit them for remote code execution.

How to prevent prototype pollution vulnerabilities in JavaScript

Safeguard your JavaScript applications from prototype pollution vulnerabilities. Learn how to prevent attackers from infiltrating object prototypes with malicious code, jeopardizing your data and application security. Read about effective strategies, leverage Snyk's potent tools, and shield your JavaScript projects from this critical threat.

Getting started with JavaScript static analysis

Static analysis tools are a must-have for JavaScript developers. They automatically scan your code for errors, security vulnerabilities, and formatting issues. This helps you write better code faster and improve your overall development process.

Proxmox VE CVE-2024-21545 - Tricking the API into giving you the keys

Read about a critical vulnerability (CVE-2024-21545) in Proxmox VE that allows attackers to gain full control of the system. By exploiting a flaw in the API handling, attackers with limited permissions can steal sensitive files and forge session tokens for a complete system takeover.

How Snyk Helps with the OWASP Software Assurance Maturity Model

Read how the OWASP Software Assurance Maturity Model (SAMM) and Snyk can work together to provide an effective approach to measuring, managing, and improving your software security. Learn about the key benefits, practical implementation steps, and the specific tools offered by Snyk to support your organization's security journey.

Oops I built a feature and created an Open Redirect Vulnerability in a Deno app

Build your first Deno web application with a step-by-step guide. Learn how to implement a redirect feature while avoiding common security pitfalls like open redirect vulnerabilities. Secure your Deno app with best practices and discover how to set up a Deno development environment in GitHub Codespaces.

JavaScript Static Analysis with ESLint and Biome

Biome, a new tool in the JavaScript ecosystem, combines code formatting and quality linting. It offers speed and performance advantages over traditional tools like ESLint and Prettier, making it a compelling alternative. With its integration into development environments like VS Code and potential adoption by major projects, Biome is poised to reshape the way JavaScript developers approach code quality and formatting.

Getting started with Practical Rego

Read this guide introducing Rego, a declarative policy language, for programmers familiar with imperative languages like Python or Java. It covers key concepts, common pitfalls, and best practices for writing effective Rego policies.