Hardcoded Secrets

Hardening Your SDLC in Response to Lapsus$ Breaches

August 24, 2022March 22, 2022 by Ronen Slavin

Over the last several weeks, Lapsus$ has taken down a who’s who of software development teams: NVIDIA, Samsung, Vodafone, Ubisoft, and Mercado Libre.

Using the Principle of Least Privilege for Maximum Security

November 22, 2022March 10, 2022 by Tony Loehr

It’s a simple concept, so why doesn’t every organization enforce the principle of least privilege?

How To Prevent AWS S3 Bucket Misconfigurations

November 28, 2022March 1, 2022 by Tony Loehr

WS S3 misconfigurations account for 16% of cloud security breaches. To avoid suffering a breach because of an AWS S3 bucket misconfiguration, it is imperative to implement best practices.

Software Supply Chain Security: Your Attack Surface Is Bigger Than You Think

August 24, 2022February 28, 2022 by Julie Peterson

Software Supply Chain Security and SDLC Attack Vectors

When most organizations approach software supply chain security, too often they think only about securing the open source or third-party dependencies in their code.

A Secrets Management Maturity Model

November 3, 2022January 14, 2022 by Jon Jarboe

Maturity models may be a controversial topic, but used properly we believe they can help leaders understand their capabilities and develop a roadmap for improvement.

Cycode Integration with JFrog Pipelines and Artifactory

November 22, 2022December 31, 2021 by Tony Loehr

JFrog and Cycode created an integration that will improve the security of our customers’ digital assets and dependencies.

AWS CloudFormation Security: 8 Best Practices

November 28, 2022November 17, 2021 by Tony Loehr

AWS CloudFormation gives organizations the ability to easily manage a collection of AWS resources by automating the initialization, provisioning, and…

7 Terraform Security Best Practices

November 29, 2022November 2, 2021 by Tony Loehr

Terraform, developed by Hashicorp, is an infrastructure as code (IaC) framework that allows for declarative resource provisioning…

8 Infrastructure as Code (IaC) Best Practices for Security

November 28, 2022October 7, 2021 by Tony Loehr

Infrastructure as Code (IaC) is a rapidly growing technique of provisioning infrastructure with software, utilizing software…

Why Developers are Hackers’ New Targets (and What to do About it)

August 24, 2022August 3, 2021 by Orion Cassetto

Compromised credentials are a tried-and-true tactic for hackers looking to gain access to secured systems, including personal accounts, corporate networks, SaaS applications and even development environments.