Content Type
Sign up for our newsletter
2023 Predictions for Modern Application Security
This blog analyzes trends in application security and predicts the future direction of enterprise application security programs.
Read MoreSCA vs SAST: Cybersecurity Comparison Tools
Compare SCA vs SAST to enhance cybersecurity. Understand their methods, benefits, and how they protect against software supply chain threats.
Read MoreHow to Choose the Right Vulnerability Management Tools
Discover core functions, benefits, and tips for selecting the best vulnerability management solutions to boost your cybersecurity efforts.
Read MoreNIST Secure Software Development Framework Tips to Stay Ahead of Future Requirements
Boost the security of your code with the NIST SSDF (Secure Software Development Framework). Safeguard your business and stay ahead of evolving cyber threats.
Read MoreEmbracing the Future of Secure Software Development: A Comprehensive Look at the SSDF
On May 20th, PyPI (the official Python Package manager) announced they are temporarily suspending new users and new project registration.
Read MoreSupply Chain Attacks Overflow: PyPI Suspended New Registrations
On May 20th, PyPI (the official Python Package manager) announced they are temporarily suspending new users and new project registration.
Read MoreWhat is Application Security Posture Management – Insights Into Gartner’s® New Report
Get insights into the elements of ASPM to learn how this approach transforms AppSec and enables teams to deliver securely at scale.
Read MoreThe Business Risks and Costs of Source Code Leaks and Prevention Tips
Protect your business from the serious consequences of code leaks by taking proactive measures to enhance your cybersecurity posture.
Read MoreModern AppSec Needs Code to Cloud Traceability
We talk about why you need code to cloud traceability to modernize your application security and secure your SDLC and CI/CD processes.
Read MoreTips to Secure the Software Development Lifecycle (SDLC) in Each Phase
With the explosion of attacks in the modern DevOps stack, it has become a vital business requirement to provide security for SDLC.
Read MoreSophisticated 3CX Software Supply Chain Attack Affects Millions of Users
3CX, an international VoIP IPBX software, experienced software supply chain attack. We detail what occurred, and how it can be prevented.
Read MoreTop 8 Cloud Application Security Challenges and Issues
Discover top cloud security threats and learn effective techniques to keep your cloud applications secure year-round.
Read MoreExposing Secrets Via SDLC Tools: The Artifactory Case
Our team investigated how sensitive information can get exposed via SDLC tools that may be used as part of your development pipeline.
Read MoreTop Open Source Supply Chain Security Risks & Tips to Prevent
Learn tips to strengthen software supply chain security and address open source software security risks and best practices.
Read MoreWhat is Secure SDLC? Best Practices for Enhanced Security
Understand SDLC security with our breakdown of each Software Development Life Cycle stage for enhanced software protection.
Read MoreGUAC Explained in 5 Minutes
We cover GUAC and its value for your team once GUAC reaches maturity and untangle the complexity of security and dependency metadata.
Read MoreWhat are the Five Elements of the NIST Cybersecurity Framework?
This blog details the five elements of the NIST cybersecurity framework and identifies the critical aspects of protecting any org.
Read MoreHow to Continuously Detect Vulnerable Jenkins Plugins to Avoid a Software Supply Chain Attack
See how attackers used compromised Jenkins plugins to attack the software supply chain and how to continuously detect vulnerable Jenkins plugins at scale.
Read MoreA DevOps Security Tutorial for Digital Business Leaders
DevOps is a good approach to improving the efficiency of the software development life cycle, but, DevSecOps is the better way to approach the process.
Read MoreModern AppSec Requires Extending Beyond SCA and SAST
Examining the evolution of application security and why securing the modern SDLC requires organizations to embrace new approaches to supply chain security.
Read MoreIntegrating Security into DevOps: A Step-By-Step Guide
If you haven’t already been integrating security into DevOps, now’s the time. Learn about the benefits & use this 4-step guide to secure your DevOps.
Read MoreSoftware Supply Chain Attack Leads to Trojanized Comm100 Installer
On the 29th of September, it was revealed that the installer for the widely used Comm100 Live Chat application included malicious trojan malware. The installer was compromised using a supply chain attack on the Comm100 development pipeline.
Read MoreGitHub Codespaces Security Best Practices
GitHub configurations aren't secure out of the box. It's up to you to secure them. This blog discusses GitHub's new Codespaces product and how to secure it.
Read MoreSoftware Supply Chain Risks to Be Aware of
Discover four key supply chain risks every CISO must address as software technology evolves and security becomes crucial.
Read MoreSoftware Artifacts Best Practices to Prevent Getting Hacked
Malicious actors are poisoning your artifacts to compromise your software supply chain. Learn how to protect your software artifacts and secure servers.
Read MoreNew Software Supply Chain Attack Installs Trojans on Adobe's Magento E-Commerce Platform
A popular vendor of Magento-Wordpress plug-ins/integrations with 200,000 downloads, has been hacked. This attack is a reminder that malicious 3rd party plug-ins for popular platforms, in this case FishPig integrations for Magento e-commerce platforms, can open the door to critical vulnerabilities.
Read More8 Best Practices in Cyber Supply Chain Risk Management to Stay Safe
Discover the four types of threats to business software supply chains and the 8 best practices in risk management to help keep them secure.
Read MoreGoogle & Apache Found Vulnerable to GitHub Environment Injection
Learn how Legit Security discovered a vulnerable GitHub actions workflow that affected Google, Apache and potentially many more. Get details on the vulnerability and what you can do to mitigate it.
Read More10 Agile Software Development Security Concerns You Need to Know
Agile development methodology has become increasingly popular, but it doesn’t come without security concerns. Get to know the top 10 agile software development security concerns you face.
Read MoreHow Was LastPass Compromised?? Software Supply Chain Attack Tips
LastPass data breach: unauthorized access compromised developer accounts and proprietary source code. Learn about the LastPass security incident details and how to protect your business.
Read More5 Things You Need to Know About Application Security in DevOps
AppSec isn’t always top of mind - but it should be. And here’s why. Learn about the 5 things you need to know about application security in DevOps.
Read MoreBreaking News: How a Massive Malware Attack Almost Occurred on GitHub
Earlier today, Stephan Lacy published a Twitter post about a massive attack on GitHub. Even though later it was understood that none of the original GitHub repositories was infected, the attack attempt is a huge deal.
Read MoreHow to Secure Your Software Supply Chain in 10 Steps
Create a Secure Software Supply Chain in 10 Easy Steps In today’s age of security breaches, it’s more important than ever to create a secure software supply chain. Follow these 10 easy steps to keep your business safe.
Read MoreSecure Software Development Lifecycle (SDLC): Key Phases Guide
Explore how to seamlessly integrate security into SDLC phases, transforming your development process to achieve enhanced protection and resilience.
Read MoreData Security Best Practices to Code Securely and Protect Your Data
Boost your business with secure coding practices. Explore our list to improve data security practices and ensure success in your SDLC.
Read MoreSecure GitHub: How to Keep Your Code and Pipelines Safe from Hackers
Is GitHub safe? Discover how developers can avoid misconfigurations and vulnerabilities to ensure secure collaboration on GitHub.
Read MoreA 10-Step Application Security Risk Assessment Checklist
An application risk assessment is an essential tool to help security and development teams spot hidden vulnerabilities before they become a problem.
Read MoreGitHub Security Best Practices Your Team Should Be Following
This article will explain why security and GitHub should go hand in hand and describes a few best practices we believe any organization using GitHub should employ to reduce GitHub security risks.
Read MoreForget about DevOps, It’s Time to Adopt the DevSecOps Mindset
Debunk common DevSecOps myths and discover why understanding the actual role of DevSecOps is essential for modern security and development practices.
Read MoreWhat Are Immutable Tags And Can They Protect You From Supply Chain Attacks?
Some tags cannot be trusted to reference the same object all the time, and can be changed without the users’ knowledge, opening the door to a supply chain attack.
Read MoreVulnerable GitHub Actions Workflows Part 2: Actions That Open the Door to CI/CD Pipeline Attacks
We examine a bug we’ve found in a popular third-party GitHub action and how it could lead to your SDLC pipeline being attacked. Read more to improve GitHub security and secure your software supply chain.
Read MoreLatest GitHub OAuth Tokens Attack Explained and How to Protect Yourself
This GitHub OAuth access token attack was announced by GitHub Security and is a compromise of OAuth access tokens issued to Heroku and Travis-CI integrations.
Read MoreWhat is an SBOM? SBOM explained in 5 minutes
What is an #SBOM, how is it used and why it is important to software supply chain security? We explain the SBOM in 5 minutes, discuss where SBOM adoption is headed and help you think beyond SBOM to gain greater visibility and security across your entire software supply chain environment.
Read MoreA Cautionary Tale: The Untold Story of the GitLab CVE Backdoor (CVE-2022-1162)
On April 1st, GitLab announced Critical Security Release CVE-2022-1162, disclosing a very bizarre vulnerability and illustrating some important lessons in securing a software supply chain.
Read MoreVulnerable GitHub Actions Workflows Part 1: Privilege Escalation Inside Your CI/CD Pipeline
Learn how Legit Security discovered a vulnerable GitHub actions workflow. Get details on the vulnerability and and what you can do to mitigate it.
Read MoreDetecting Secrets in Your Source Code
What are secrets in source code, why they must be protected, and how to keep them safe.
Read MoreWhat Is SLSA? SLSA Explained In 5 Minutes
Learn about SLSA (Supply-chain Levels for Software Artifacts), a security framework and a common language for improving software security and supply chain integrity.
Read MoreRequest a Demo
Request a demo including the option to analyze your own software supply chain.