Blog

Dispatches from the
AppSec Frontlines

Sharing insights and experiences solving
modern development infrastructure security challenges.

August 3, 2021 12 min read

Why Developers are Hackers’ New Targets (and What to do About it)

Compromised credentials are a tried-and-true tactic for hackers looking to gain access to secured systems, including personal accounts, corporate networks, SaaS applications...

Orion Cassetto
June 10, 2021 21 min read

Vendor vs. Developer: Codecov Lessons on AppSec Responsibility

Ilia Shkolyar
May 26, 2021 8 min read

How to Setup Branch Protection Rules in Azure DevOps

Tomer Almog
April 20, 2021 11 min read

The Codecov Breach – Development Infrastructure is the Weakest Link & its Now Rapidly Being Exploited

Amnon Even-Zohar
February 18, 2021 9 min read

ESLint: Compromising the Build using Supply Chain Attack

Amnon Even-Zohar
January 31, 2021 9 min read

A Unique Supply Chain Attack: The 2020 Sawfish

Amnon Even-Zohar
January 12, 2021 8 min read

Beyond SolarWinds: The “Octopus Scanner” Supply Chain Attack

Amnon Even-Zohar
January 4, 2021 10 min read

Why Microsoft’s Latest SolarWinds Admission Can’t Be Ignored

Andrew Fife
December 15, 2020 13 min read

Six AppSec Learnings from SolarWinds

Ronen Slavin
September 9, 2020 11 min read

Why You Need to Know SAMM

Ronen Slavin
September 1, 2020 15 min read

Security Best Practices for Azure DevOps

Ronen Slavin
August 5, 2020 10 min read

How to Setup Branch Protection Rules

Tomer Almog
July 23, 2020 13 min read

GitHub Permissions for Maximum Security

Ilia Shkolyar

We'll connect you with a Cycode expert who can share
more about the product and answer any questions you have