Integrating Infrastructure as Code Security into Developer Workflows
Over the last decade or so, developers have shifted from provisioning infrastructure by way of IT teams and ticketing systems to…
BLOG
Kubernetes Security Best Practices: 8 Tips to Secure K8s
Kubernetes is a powerful tool allowing for orchestration of containerized services, applications, and workloads…
8 Infrastructure as Code (IaC) Best Practices for Security
Infrastructure as Code (IaC) is a rapidly growing technique of provisioning infrastructure with software, utilizing software…
Why Developers are Hackers’ New Targets (and What to do About it)
Compromised credentials are a tried-and-true tactic for hackers looking to gain access to secured systems, including personal accounts, corporate networks, SaaS applications and even development environments.
Vendor vs. Developer: Codecov Lessons on AppSec Responsibility
The Codecov breach is an example of a classic software supply chain attack, in which attackers gain organization access by compromising 3rd…
Exploring the Chainjacking Attack
Several forms of supply chain attack have recently emerged that allow for attackers to insert themselves between developers and the dependencies they utilize.
How to Setup Branch Protection Rules in Azure DevOps
Branch protection rules are a crucial part of securing source control management systems. Branch protection rules enable administrators…
The Codecov Breach – Development Infrastructure is the Weakest Link & its Now Rapidly Being Exploited
On April 15th, Codecov disclosed a major breach when an attacker compromised its infrastructure allowing to export sensitive information like…
ESLint: Compromising the Build using Supply Chain Attack
A supply-chain attack is an indirect attack which targets the tools, automatic software updates or supply chain in general, in order to introduce malicious code or dependencies into existing software, without the developers being aware.
A Unique Supply Chain Attack: The 2020 Sawfish
For attackers targeting technology businesses, the goal is often stealing intellectual property and other data, which can either be sold for profit…