Home / Companies / Snyk / Blog / June 2018

June 2018 Summaries

5 posts from Snyk

Filter
Month: Year:
Post Summaries Back to Blog
Zip Slip Vulnerability Cheat Sheet The Zip Slip vulnerability is a form of Directory Traversal that allows an attacker to gain access to parts of the file system outside of the target folder, potentially leading to Remote Command Execution or damage by overwriting sensitive resources. This vulnerability has manifested itself many times over several decades but recently gained prominence in high-profile codebases across various ecosystems. The cheat sheet provides example vulnerable code snippets and validation code for four main affected ecosystems, directing users to additional research and GitHub repositories for further information.
Jun 28, 2018 440 words in the original blog post.
Snyk has released a container vulnerability management solution that empowers developers to fully own the security of their Dockerized applications. The solution seamlessly integrates with various dev and runtime platforms throughout the SDLC, providing deep application analysis, automated vulnerability remediation, and a leading vulnerability database. It offers a simple CLI that enables developers to scan for open source vulnerabilities in local images and integrate image validation into CI/CD processes. The solution tracks library context, making it easier to understand the vulnerability in the context of the application, which is key for assessing exploitability but even more so for remediation. Snyk's developer-first approach empowers developers to find and fix vulnerabilities in container images and Kubernetes workloads, aligned with its commitment to developer friendliness and remediation.
Jun 28, 2018 655 words in the original blog post.
The most common vulnerabilities in Maven Central and npm are being tracked by Snyk's vulnerability database, which includes over 1 million open source packages from various ecosystems. The number of vulnerabilities published across these ecosystems reached an all-time high in 2017, with the most common types including Directory Traversal, Resources Downloaded over Insecure Protocol, Cross-Site Scripting (XSS), Denial of Service (DoS), Arbitrary Code Execution, and XSS attacks. These vulnerabilities can be exploited through various means, such as using relative directory paths to access sensitive data, intercepting connections to download resources securely, tricking browsers into executing malicious JavaScript code, saturating server resources, running malicious code on vulnerable servers, and filling server disks or memory with malicious code. The Snyk Vulnerability database provides a comprehensive view of vulnerabilities from these ecosystems, allowing developers to stay informed and protect their applications.
Jun 27, 2018 540 words in the original blog post.
The Snyk team has developed an integration with Jira to streamline the vulnerability remediation process. The integration allows users to create Jira issues directly from a Snyk project's test report, including relevant details about the vulnerability and project. This feature is now available for all Pro and Enterprise plan customers. Additionally, the Snyk API makes it possible to create Jira issues programmatically. The team plans to expand this integration with automatic issue creation and integration with other issue trackers in future phases.
Jun 20, 2018 551 words in the original blog post.
Snyk is introducing service accounts, which are API tokens tied to an organization rather than a specific user, allowing customers to generate tokens for automation purposes without using actual user tokens. This feature is available to pro and enterprise customers, enabling them to create multiple service accounts with unique tokens that can be revoked at any time. To get started, customers can check out Snyk's documentation on setting up service accounts.
Jun 12, 2018 172 words in the original blog post.