Best of Snyk, July 2024

  1. Article
    Snyk · 2y

    Preventing SQL injection in C# with Entity Framework

    SQL injection (SQLi) is a severe security threat that happens when malicious SQL code is injected through user input, potentially compromising the database. To prevent SQLi, it's crucial not to build SQL queries with string concatenation. Instead, Entity Framework (EF) offers secure options: LINQ for most queries, FromSqlInterpolated for raw SQL using string interpolation, and FromSqlRaw when explicit parameters are defined. Tools like Snyk Code can help detect unsafe code during development.

  2. Article
    Snyk · 2y

    How to secure an S3 bucket on AWS?

    Amazon S3 provides scalable, high-performance cloud storage, but securing S3 buckets is crucial to prevent data breaches. Key vulnerabilities include misconfigured permissions, unencrypted data, and lack of monitoring. Best practices for S3 bucket security include safeguarding permissions using IAM roles, enforcing encryption, and implementing secure transport policies like HTTPS. Regular auditing and using tools like Snyk for automated detection and remediation of cloud misconfigurations can significantly bolster security.