Application Security with Snyk
Protect your application from malicious attacks from the start with Snyk, a software intelligence product designed to help you find security vulnerabilities in your products.
Security is one of the major pillars of your application; without it, the chances of your application crumbling are high. The reason to focus on security from the earliest stages is simple: to stay secure, you need to get security right every time, whereas an attacker needs to get an attack right only once to succeed.
When you first build your application, you might think security isn't of high importance. "My application's at an infant stage. There's nothing any malicious actors would be interested in. I'll consider security when I scale the application," you might tell yourself.
If you have this thought, you're not the first. But think about it some more. Malicious actors are patient. They could install backdoors or plant vulnerabilities in your application while it lacks security, then wait for years and exploit them when you have a lot to lose. Are you willing to take that risk? You shouldn't.
Security issues in applications happen for two main reasons:
- Security loopholes in the logic of the application
- Insecure code implementation
Snyk is a security intelligence product that helps you identify and fix vulnerabilities in your application. This course helps you become familiar with Snyk so you can learn to use it to meet your security needs.
Duration: 2 days / 16 hours of instruction
Public Classroom Pricing
GSA Price: $1485
Group Rate: $1495
Private Group Pricing
Have a group of 5 or more students? Request special pricing for private group training today.
Part 1: Introduction to Snyk
- What is Snyk?
- How does Snyk work?
- Snyk features
  - Snyk CLI
  - Snyk API
  - License compliance management
  - Snyk Intel vulnerability database
  - Fixing and prioritizing issues
  - Programming languages that Snyk supports
- Exercise: Create your Snyk account.
- Introduction to Snyk products
  - Snyk Open Source
  - Snyk Code
  - Snyk Container
  - Snyk Infrastructure as Code
- Exercise: Install the Snyk CLI using npm, Homebrew, or Scoop.
Part 2: Snyk Open Source
- Which source code management systems does Snyk support?
- Azure Repos
- Exercise: Run the first vulnerability check on the previously added project and view the report. Note the number of issues found in the project and the number of high-severity vulnerabilities. Choose one of the high-severity vulnerabilities and understand the information provided in its summary.
- Exercise: Fix all high-severity vulnerabilities by creating a manual pull/merge request. Once the fix has been merged into the repository, run the vulnerability check again to verify the fix.
- How do automatic pull/merge requests work for the vulnerability fix?
- Exercise: Set up automatic pull/merge requests for new vulnerabilities and clear the backlog of vulnerabilities in priority order.
- Exercise: Integrate Snyk into your Git-based workflow.
Part 3: Snyk Code
- Snyk Code and the developer-first approach
- Snyk Code AI engine
- Features of Snyk Code:
  - Accurate code flaw detection
  - Secret information detection in code
  - Code flow visualization
  - Information about security issues, their background, and how to approach them
Part 4: Snyk Container
- What security do containers provide?
  - Decreased attack surface
  - Application isolation
  - Easier security patching, with less disruption
- Security risks with containers
  - Privilege escalation
  - Risk of using insecure images
  - Kernel or memory threats induced by code
- Introducing Snyk Container
  - Snyk Container detection: Snyk scans images to find operating system packages, unmanaged software, and application packages based on manifest files
  - Supported operating systems: Debian, Ubuntu, CentOS, Red Hat Enterprise Linux (including UBI), Amazon Linux 2, SUSE Linux Enterprise Server, Alpine
  - Recurring scans
- Exercise: Add a container registry integration to your Snyk account. Add a container project and view the vulnerabilities found for the project.
- Exercise: Use the Snyk Container CLI to test a Docker container image on an Ubuntu machine. Identify the number of vulnerabilities found and determine how many of them are related to dependencies.
- Exercise: Set up a Snyk integration to save a snapshot of an image and alert you to new vulnerabilities as they arise.
Part 5: Snyk Infrastructure as Code (IaC)
- Exercise: Configure your integration for a Kubernetes environment. Then scan the Kubernetes configuration files and fix the security issues you find.
Part 6: Snyk License Compliance Management and Vulnerability Database
- What is Snyk license compliance management?
- Exercise: Integrate and add an open-source project to your Snyk account. Create a high-severity license policy by specifying its severity, description, and instructions. Run a scan on the project and check for license compliance issues.
- Access and understand the information in the Snyk Intel vulnerability database.
Part 7: Administration
- Exercise: Add a user to Snyk and set up single sign-on (SSO) for the user. Allow the user to add and delete objects and to update a project with a new snapshot. Configure the session length for this user to be two days.
- Manage groups and organizations in Snyk: create groups and switch between groups and organizations.
- Exercise: Create two Snyk organizations and switch between them using the Web UI and the CLI.
- Exercise: Configure Snyk notifications to send weekly reports, only for high-severity vulnerabilities, to a newly added user.
Who Should Attend
- Cybersecurity Specialists
- IT Security Specialists
- Data Security Specialists
- System Analysts/Admins
- Developers and Engineers Looking to Specialize in Snyk
Hands-On Exercises
- Install the Snyk CLI using npm, Homebrew, or Scoop
- Run vulnerability checks
- Fix high-severity vulnerabilities by creating manual pull/merge requests
- Run analysis on code using Snyk's JetBrains IDE plugin
- Use the Snyk Container CLI to test Docker container images
- Scan Kubernetes configuration files and fix the security issues found
- Create a high-severity license policy by specifying its severity, description, and instructions
- Configure Snyk notifications to send regular reports