Snyk Open Source adds beta C/C++ security scanning for unmanaged OSS

We’re happy to announce the open beta of C/C++ security scanning in Snyk Open Source, enabling development and security teams to find and fix known security vulnerabilities in their C/C++ open source code and libraries! Used across various industry verticals and prominent within the gaming, hardware/IoT, and communications industries, C/C++ continues to have a major impact on software development and the technology space as a whole.

Snyk Customer Story: ActiveCampaign

ActiveCampaign's Amar Patel, Engineering Manager, and Ben Harold, Senior Software Engineer share their experiences with Snyk. Snyk helps ActiveCampaign "identify vulnerabilities and communicate with upper management about the risks that need to be addressed." With Snyk, ActiveCampaign can gain get better insights into the risks on their platform and better address those risks in a more streamlined and frictionless manner.

Java JSON deserialization problems with the Jackson ObjectMapper

In a previous blog post, we took a look at Java’s custom serialization platform and what the security implications are. And more recently, I wrote about how improvements in Java 17 can help you prevent insecure deserialization. However, nowadays, people aren’t as dependent on Java’s custom serialization, opting instead to use JSON. JSON is the most widespread format for data serialization, it is human readable and not specific to Java.

Automating Container Runtime Security Scanning with Snyk

So you’re running microservices in containers? Congratulations! This is an important step towards meeting those business needs around delivering applications to the hands of your customers as soon as possible. But how can we mitigate any potential risks associated with faster software deployment while running on Kubernetes? Simple, with Snyk’s Kubernetes integration we can identify vulnerabilities in their associated images and configurations that might make those workloads less secure. Watch this video to find out how!

Java Security Tip: Sanitize user input

Java Security Quick Tip: Always santize user input before you display it in your web app. Displaying user input wideout proper validation or sanitization can lead to cross-site scripting security issues. With the OWASP Encoder library, you can escape scripts and be positive that they will not be executed in the users' browser. In this video I will answer the following questions Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for Java and many other languages.

Securing your open source dependencies with the Snyk Visual Studio Code extension

We’re pleased to announce new functionality within the Snyk Vulnerability Scanner extension for Visual Studio Code, making it easier for developers to find and fix vulnerabilities and license issues in their open source dependencies! To help developers take more responsibility for the security of their applications, security tools must be able to integrate seamlessly into existing workflows and the tools developers are using on a day-to-day basis.