Blog

Authors

Roy Blit

Roy Blit

Showing all posts by Roy Blit

How to Reduce the Risk of Using External AI Models in Your SDLC

April 12, 2024

How to Reduce the Risk of Using External AI Models in Your SDLC. Understand how AI models add risk and how to address it.

Learn how vulnerable self-hosted runners can lead to severe software supply chain attacks.

DevOps AppSec Threats

GitHub, PyTorch and More Organizations Found Vulnerable to Self-Hosted Runner Attacks

January 18, 2024

Learn how vulnerable self-hosted runners can lead to severe software supply chain attacks.

Explore the risks of secret exposure through leaked source code & why traditional scanners may not fully protect against it. Learn effective security strategies for secrets in the SDLC.

AppSec Threats

5 Ways Attackers Exploit Hardcoded Secrets & How to Prevent

April 25, 2023

Explore the risks of secret exposure through leaked source code & why traditional scanners may not fully protect against it. Learn effective security strategies for secrets in the SDLC.

Legitify is an open-source GitHub and GitLab configuration scanner from Legit Security that helps manage & enforce SCM configuration best practices in a secure and scalable way

Legit SCMs

Legitify adds support for GitLab and GitHub Enterprise Server

January 25, 2023

Legitify is an open-source GitHub and GitLab configuration scanner from Legit Security that helps manage & enforce SCM configuration best practices in a secure and scalable way

OpenSSL has announced a critical fix in version 3.0.7 to be released Nov 1st. It means that on Tuesday the race will start between those who patch and those who exploit.

Threats

Critical and Time Sensitive OpenSSL Vulnerability - The Race Between Attackers and Defenders

October 31, 2022

OpenSSL has announced a critical fix in version 3.0.7 to be released Nov 1st. It means that on Tuesday the race will start between those who patch and those who exploit.

Legitify is an open-source GitHub configuration scanner from Legit Security that helps manage & enforce GitHub configurations in a secure and scalable way

Legit SCMs

Introducing Legitify: A Better Way To Secure GitHub

October 05, 2022

Legitify is an open-source GitHub configuration scanner from Legit Security that helps manage & enforce GitHub configurations in a secure and scalable way

This article will explain why security and GitHub should go hand in hand and describes a few best practices we believe any organization using GitHub should employ to reduce GitHub security risks.

Best Practices SCMs

GitHub Security Best Practices Your Team Should Be Following

May 31, 2022

This article will explain why security and GitHub should go hand in hand and describes a few best practices we believe any organization using GitHub should employ to reduce GitHub security risks.

This GitHub OAuth access token attack was announced by GitHub Security and is a compromise of OAuth access tokens issued to Heroku and Travis-CI integrations.

Explainers Threats SCMs

Latest GitHub OAuth Tokens Attack Explained and How to Protect Yourself

April 18, 2022

This GitHub OAuth access token attack was announced by GitHub Security and is a compromise of OAuth access tokens issued to Heroku and Travis-CI integrations.

Learn about SLSA (Supply-chain Levels for Software Artifacts), a security framework and a common language for improving software security and supply chain integrity.

Explainers

What Is SLSA? SLSA Explained In 5 Minutes

January 21, 2022

Learn about SLSA (Supply-chain Levels for Software Artifacts), a security framework and a common language for improving software security and supply chain integrity.