Hardening Your SDLC in Response to Lapsus$ Breaches
Over the last several weeks, Lapsus$ has taken down a who’s who of software development teams: NVIDIA, Samsung, Vodafone, Ubisoft, and Mercado Libre.
Hardcoded Secrets
Using the Principle of Least Privilege for Maximum Security
It’s a simple concept, so why doesn’t every organization enforce the principle of least privilege?
How To Prevent AWS S3 Bucket Misconfigurations
WS S3 misconfigurations account for 16% of cloud security breaches. To avoid suffering a breach because of an AWS S3 bucket misconfiguration, it is imperative to implement best practices.
Software Supply Chain Security: Your Attack Surface Is Bigger Than You Think
When most organizations approach software supply chain security, too often they think only about securing the open source or third-party dependencies in their code.
A Secrets Management Maturity Model
Maturity models may be a controversial topic, but used properly we believe they can help leaders understand their capabilities and develop a roadmap for improvement.
Cycode Integration with JFrog Pipelines and Artifactory
JFrog and Cycode created an integration that will improve the security of our customers’ digital assets and dependencies.
AWS CloudFormation Security: 8 Best Practices
AWS CloudFormation gives organizations the ability to easily manage a collection of AWS resources by automating the initialization, provisioning, and…
Secrets Management and DevOps: A Risk-based Approach to Eliminating Hardcoded Secrets
In some of the more recent high-profile…
7 Terraform Security Best Practices
Terraform, developed by Hashicorp, is an infrastructure as code (IaC) framework that allows for declarative resource provisioning…
8 Infrastructure as Code (IaC) Best Practices for Security
Infrastructure as Code (IaC) is a rapidly growing technique of provisioning infrastructure with software, utilizing software…