snyk.io
2a02:26f0:e600:580::ecd  Public Scan

Submitted URL: https://securitylabs.snyk.io/
Effective URL: https://snyk.io/de/securitylabs/
Submission: On June 08 via api from US — Scanned from DE

Form analysis 0 forms found in the DOM

Text Content


SECURITY LABS

At Snyk, our Security Labs team is dedicated to improving application security
through high-impact research. We aim to enhance developers’ and security teams’
expertise by offering comprehensive research and tools.

Our work has led to major CVEs in core container infrastructure, closed
significant supply-chain attack vectors in popular open-source registries, and
demonstrated novel attacks on emerging technologies like AI and LLMs.




OUR VALUES

Awareness

Bringing light to under-represented areas of security and helping educate
developers through research.

Impactful security

Finding and helping fix wide-impacting vulnerabilities in open-source software
(OSS) and modern applications.

Scalability

Conducting security research at scale.

Community collaboration

Creating tools to help the community discover and mitigate vulnerabilities and
threats.


MEET THE TEAM

Get to know our team of security researchers.

A former gardener turned security wizard. When not fuzzing native libraries and
breaking modern AppSec, Raul can be found looking for ways to optimize his
sourdough bread while enjoying the classic Belgian beer Delirium.

Raul Onitza-Klugman

Staff Security Researcher


Long-time bug bounty hunter, ex-pentester, and AppSec engineer. Rory is
passionate about race conditions and Linux exploitation.

Rory McNamara

Staff Security Researcher


Ex-pentester and AppSec engineer with a focus on anything web security. When not
hacking, Elliot loves to skateboard and snowboard.

Elliot Ward

Senior Security Researcher



FEATURED RESEARCH

Check out some of the recent high-profile research from the Security Labs team.

Blog

Call for action: Exploring vulnerabilities in GitHub Actions

In this blog post, we will provide an overview of GitHub Actions, examine
various vulnerable scenarios with real-world examples, offer clear guidance on
securely using error-prone features, and introduce an open source tool designed
to scan configuration files and flag potential issues.

Blog

Leaky Vessels: Docker and runc container breakout vulnerabilities (January 2024)

Snyk security researcher Rory McNamara, with the Snyk Security Labs team,
identified four vulnerabilities — dubbed "Leaky Vessels" — in core container
infrastructure components that allow container escapes.

Blog

Gitpod remote code execution 0-day vulnerability via WebSockets

In this post, we present the first findings from our current research into Cloud
Development Environments (CDEs) — which allowed a full account takeover through
visiting a link, exploiting a commonly misunderstood vulnerability (WebSocket
Hijacking), and leveraging a practical SameSite cookie bypass.


FOUND A VULNERABILITY? WE CAN HELP YOU REPORT IT.

Using our form, you can disclose vulnerabilities you’ve found or vulnerabilities
that are missing from the Snyk Vulnerability Database. We’ll help you verify the
vulnerability, contact the maintainer, and assign a CVE for the issue.

Before submitting a report, please review our disclosure policy, which can be
found here.



