April 2018 Summaries
4 posts from Snyk
Filter
Month:
Year:
Post Summaries
Back to Blog
Local type inference for Java 10 and beyond allows developers to replace explicit types with the new reserved type name 'var', which infers the variable's type at compile time. This feature aims to reduce clutter and improve code readability without compromising understandability. However, it is crucial to consider factors such as variable names, scope, initializer information, and potential risks when using var for local variables. By following guidelines and best practices, developers can effectively utilize this new feature to enhance their Java coding experience.
Apr 26, 2018
1,868 words in the original blog post.
The text discusses common pitfalls in JavaScript and Node.js security, highlighting the importance of awareness and caution when building applications on these platforms. The author has given talks on JavaScript security, aiming to raise awareness and keep applications safer, including a 20-minute live hacking session at JSKongress. To check for known vulnerabilities, Snyk can be used to test dependencies, with sign-up options available.
Apr 11, 2018
172 words in the original blog post.
A vulnerability was identified in FTP clients and libraries that allows malicious servers to create or overwrite files anywhere on the local file system, due to a lack of validation of filenames returned by the server. This can be exploited by an attacker to execute arbitrary code, such as overriding the authorized_keys file for the root user on an Apache Hive instance. The vulnerability was discovered in November 2017 and responsibly disclosed to several affected vendors, who plan to release a fixed version by the end of February 2018. It is essential that inputs are validated to prevent similar issues, especially when processing directory listings from FTP servers, and to ensure the security of applications and libraries that use these protocols.
Apr 04, 2018
1,603 words in the original blog post.
Snyk has integrated its vulnerability database with Google Chrome's Lighthouse, a tool that tests websites for performance, accessibility, and security issues. The integration allows Lighthouse to detect known security vulnerabilities in JavaScript libraries used by websites, providing developers with critical information about potential security issues. This collaboration aims to increase awareness of vulnerable libraries and promote the use of secure coding practices, ultimately improving the overall security of the web.
Apr 03, 2018
578 words in the original blog post.