Snyk
456 Followers

Mar 20

The Docker project turns 10! Looking back at a decade of containers

This week marked the 10-year anniversary of Docker. Let’s look back at how much has changed, and hear some stories about what people experienced while moving toward the containerized world we live in today.

Originally published at https://snyk.io/blog/the-docker-project-turns-10

March 15, 2023 marked the 10-year anniversary of Solomon Hykes’ famous PyCon lightning talk, when he introduced the world to Docker.

Docker

14 min read

Mar 20

Preventing XSS in Django

This guide discusses how XSS vulnerabilities originate in Django apps and what you can do to mitigate them. You’ll also learn how to use free security tools to detect and fix XSS vulnerabilities early in development.

Originally published at https://snyk.io/blog/preventing-xss-in-django

Cross-Site Scripting (XSS) is a type of vulnerability that involves manipulating user interaction with a web application to compromise a user’s browser environment. These vulnerabilities can affect many web apps, including those built with modern frameworks such as Django.

Cross Site Scripting

9 min read

Mar 13

Mitigating path traversal vulns in Java with Snyk Code

Whether you’re a developer or simply interested in learning more about security in Java, this post will provide you with information and insights to help keep your Java applications secure.

Originally published at https://snyk.io/blog/mitigating-path-traversal-java-snyk-code

Path traversal is a type of security vulnerability that can occur when a web application or service allows an attacker to access server files or directories that are outside the intended directory structure. This can lead to the unauthorized reading or modification of sensitive data. In…

Java

5 min read

Mar 13

Comparing Node.js web frameworks: Which is most secure?

In this article, we’ll look at three popular frameworks — Express.js, NestJS, and Fastify — and evaluate them according to how well they align with the Node.js security best practices.

Originally published at https://snyk.io/blog/comparing-node-js-web-frameworks

JavaScript is the world’s most popular programming language, providing many web frameworks that help developers build secure, reliable Node.js web applications. Each framework has unique features, and which framework is right for you depends on your preference and the type of application you intend to create.

Nodejs

7 min read

Mar 6

Building Vue 3 components with Tailwind CSS | Snyk

Vue is a popular JavaScript framework for building versatile web interfaces. Some of its most compelling features are its easy integration into existing code-bases and lightweight framework, making it easy for developers to start using in their frontend projects. At the core of Vue is a composable component approach to…

Vuejs

9 min read

Mar 6

Node.js multithreading with worker threads: pros and cons

In this article, we’ll look at the pitfalls of worker threads and how they differ from the multithreading implementations in other programming languages.

Originally published at https://snyk.io/blog/node-js-multithreading-worker-threads-pros-cons

Node.js presents a single-threaded event loop to your application, which allows CPU-bound operations to block the main thread and create delays. The worker_threads module addresses this problem by providing a mechanism for running code in parallel using a form of threading.

Nodejs

9 min read

Feb 27

Gitpod remote code execution 0-day vulnerability via WebSockets | Snyk

TLDR This article walks us through a current Snyk Security Labs research project focusing on cloud based development environments (CDEs) — which resulted in a full workspace takeover on the Gitpod platform and extended to the user’s SCM account. …

Gitpod

9 min read

Feb 22

The security concerns of a JavaScript sandbox with the Node.js VM module

Were you tasked with building a product that requires the execution of dynamic JavaScript originating from end users? You might think building it on top of the Node.js VM module is a viable way to create a JavaScript sandbox. …

Nodejs

5 min read

Feb 6

Using Python libraries for secure network communication

Python offers a range of libraries for encrypting and securing network communication. In this article, we will explore two of the most popular — cryptography and Paramiko.

Originally published at https://snyk.io/blog/using-python-libraries-for-secure-network-communication/

Python is a popular and powerful programming language that is often used for building web applications, data analysis, and automation. One of the key challenges in such projects is ensuring the security of network…

Application Security

4 min read

Feb 6

Advanced IntelliJ debugger features you’re missing out on

In this post, we will cover three advanced IntelliJ debugger features that I’ve found to be audience favorites when giving talks on this subject.

Originally published at https://snyk.io/blog/advanced-intellij-debugger-features/

I recently finished writing my debugging book and a debugging course. And as a result, I frequently get asked about my favorite debugging features. Debugging is much more than the IDE debugger. In fact…

8 min read
