Hardening Your SDLC in Response to Lapsus$ Breaches
Over the last several weeks, Lapsus$ has taken down a who’s who of software development teams: NVIDIA, Samsung, Vodafone, Ubisoft, and Mercado Libre.
Least Privilege Enforcement
Using the Principle of Least Privilege for Maximum Security
It’s a simple concept, so why doesn’t every organization enforce the principle of least privilege?
Jenkins Security Best Practices
Jenkins is one of the most well-known tool for creating automation pipelines and integrating them with the rest of your CI/CD tools. It has an active community that has contributed thousands of plugins to extend Jenkins’ core functionality…
Improve Application Security with Cycode’s Knowledge Graph and Policies
Forrester predicts insiders will cause 33% of all data exposure incidents in the upcoming year.
NIST Cybersecurity Framework (NIST CSF)
The National Institute of Standards and Technology (NIST) first released its Cybersecurity Framework in 2014 in response to an Obama-era Executive Order mandating…
AWS CloudFormation Security: 8 Best Practices
AWS CloudFormation gives organizations the ability to easily manage a collection of AWS resources by automating the initialization, provisioning, and…
Kubernetes Security Best Practices: 8 Tips to Secure K8s
Kubernetes is a powerful tool allowing for orchestration of containerized services, applications, and workloads…
8 Infrastructure as Code (IaC) Best Practices for Security
Infrastructure as Code (IaC) is a rapidly growing technique of provisioning infrastructure with software, utilizing software…
Why Developers are Hackers’ New Targets (and What to do About it)
Compromised credentials are a tried-and-true tactic for hackers looking to gain access to secured systems, including personal accounts, corporate networks, SaaS applications and even development environments.
ESLint: Compromising the Build using Supply Chain Attack
A supply-chain attack is an indirect attack which targets the tools, automatic software updates or supply chain in general, in order to introduce malicious code or dependencies into existing software, without the developers being aware.