Kevin Broughton : Mar 14, 2023 2:18:50 PM
In this blog post, we'll discuss 8 of the top threats targeting cloud applications in 2023. Taking steps to protect your cloud applications against these 8 threats will to help keep your business secure and avoid vulnerabilities.
Read More
Tor Beer : Feb 28, 2023 7:00:00 AM
Development secrets are any data sensitive to an organization or person and should not be exposed publicly. It can be a password, an access key, an...
Kevin Broughton : Feb 15, 2023 7:03:58 PM
Rapid innovation is the lifeblood of many companies in the digital age. If your organization employs a CI/CD workflow, you need an effective...
.jpg?width=30&name=LW_LEGIT_20_EladNamdar_1132%20(1).jpg){kind=small}
Elad Namdar : Feb 13, 2023 7:00:00 PM
As more organizations and applications rely on open-source software, it is crucial to ensure that the software is secure and free from...
Tali Orenbach : Feb 7, 2023 6:00:00 AM
SDLC (Software Development Life Cycle) is a breakdown of all the stages involved in software creation. There are distinct SDLC stages and many...
Amit Hofree : Jan 31, 2023 12:00:00 AM
GUAC stands for Graph for Understanding Artifact Composition and was developed by Google in collaboration with industry leaders to make it easier to...
Roy Blit : Jan 25, 2023 3:09:07 PM
We encounter security incidents on a weekly basis with prospective customers that involve pipeline manipulation, code theft, and sensitive data...
.jpeg?width=30&name=Image%20(1).jpeg){kind=small}
Arnon Trabelsi : Jan 23, 2023 3:47:08 PM
A cybersecurity framework is a group of documents outlining guidelines, security-related standards, and best practices to help organizations manage...
1 min read
Tor Beer : Jan 19, 2023 7:15:00 AM
Secrets are any data that is sensitive to an organization or person and should not be exposed publicly. It can be a password, an access key, an API...
1 min read
Tor Beer : Jan 18, 2023 5:43:00 AM
Everybody is familiar with downtimes in major services. It can be very frustrating when a platform your organization depends upon becomes...
Liav Caspi : Jan 9, 2023 10:23:37 AM
Software dominates the world and remains abig and accessible attack surface.In 2022, an estimated $6Bwas invested in Application Security, with that...
-1.jpg?width=30&name=DSC08054%20(2)-1.jpg){kind=small}
Nadav Noy : Jan 4, 2023 6:21:15 AM
Jenkins is an open-source automation and build platform that allows for automated tests, integrations, builds, and much more. However, Jenkins also...
Ofer Kozokaro : Dec 28, 2022 8:03:17 AM
DevOps is a great approach to improve the speed and efficiency of software development, but there are practices that your team can implement to...
John Tierney : Dec 6, 2022 6:30:05 AM
Once upon a time in Application Security, times were simpler. Not long ago security and development teams could simply scan their code for...
Noam Dotan : Dec 1, 2022 9:02:33 AM
The Legit Security Research Team discovered a new class of software supply chain vulnerabilities that leverages artifact poisoning and attacks the...
Justin Bahr : Nov 29, 2022 6:45:38 AM
What are different solution approaches to software supply chain security and what are the Pros and Cons for your organization? What is the modern...
1 min read
Roy Blit : Oct 31, 2022 12:45:39 PM
Update: On November 1st the OpenSSL project maintainers released their fix for the vulnerabilities. There were two vulnerabilities discovered. After...
Nadav Noy : Oct 12, 2022 11:00:10 AM
On Oct 7th, Toyota announced a possible data leakage incident stemming from a code repository in their software supply chain. The compromised data...
Justin Bahr : Oct 11, 2022 6:31:03 AM
If you haven’t already been integrating security into DevOps, we've provided this 4-step guide to help smooth the transition as well as describe the...
Roy Blit : Oct 5, 2022 8:07:38 AM
We’re pleased to announce the launch of Legitify – an open-source security tool for GitHub users to automatically discover and remediate insecure...
Nadav Noy : Oct 3, 2022 4:23:08 PM
On the 29th of September, it was revealed that the installer for the widely used Comm100 Live Chat application included malicious trojan malware. The...
Noam Dotan : Sep 28, 2022 1:37:33 PM
When GitHub released Codespaces last year it was touted as their best release since GitHub Actions. If you’re using Codespaces or thinking about it,...
Gal Ofri : Sep 22, 2022 8:45:00 AM
Today most business leaders realize that no matter what industry they operate in, their organizations are truly technology companies that serve...
Gal Ofri : Sep 19, 2022 2:58:57 PM
Malicious actors are poisoning your artifacts in an attempt to infect your software supply chain so that you deploy those compromised (i.e.,...
Gal Ofri : Sep 15, 2022 2:12:43 PM
A popular vendor of Magento-Wordpress plug-ins/integrations with over 200,000 downloads, has been hacked. This recent attack is a reminder that...
Justin Bahr : Sep 13, 2022 6:28:38 AM
In this blog post, we'll discuss the four types of software supply chain threats businesses face. Use these 8 best practices in cyber supply chain...
Noam Dotan : Sep 8, 2022 11:47:40 AM
Update: a few weeks after this publication, GitHub decided to fix the issue and employed the mitigation we recommended to them in our initial report....
Noam Dotan : Sep 1, 2022 10:00:03 AM
In this blog post, we'll discuss a new type of GitHub Actions workflow vulnerability we called "GitHub Environment Injection". We've found a couple of
Alex Babar : Aug 31, 2022 11:45:58 AM
Agile software development is a type of methodology that centers around the core principle of flexibility. Agile development methods recognize that a...
1 min read
Noam Dotan : Aug 29, 2022 9:17:15 PM
LastPass, one of the world's largest password managers with 25 million users, disclosed that an unauthorized party had gained access to portions of...
Nadav Noy : Aug 22, 2022 1:53:35 PM
Application Security (AppSec) is the process of identifying, testing, and fixing security flaws in an application. Although it may be tempting to...
Tor Beer : Aug 3, 2022 6:30:29 PM
Earlier today, Stephen Lacy published a Twitter post about a massive attack attempt on GitHub. This attack attempt is a huge deal, but fortunately it...
Tor Beer : Aug 2, 2022 12:39:59 PM
A software supply chain is the list of components, libraries, and tools used to build a software application. Software vendors often create products...
Liav Caspi : Jul 18, 2022 7:49:58 AM
Development teams already work in a very methodical repeating process – the Software Development Lifecycle (SDLC) – and a huge opportunity exists to ...
Dex Tovin : Jul 5, 2022 7:11:28 AM
The principles of data security are pretty simple, although organizations have a tendency to short cut them in their SDLCs. Data security is defined...
Amit Hofree : Jun 20, 2022 11:27:37 AM
GitHub is one of the most widely used software development platforms. You’d be hard-pressed to find a developer or a business that has never used or...
Liav Caspi : Jun 13, 2022 7:57:25 AM
As we head to the Open Source Summit conference next week, we wanted to discuss our contributions to the open source community, why we invest so much...
Dex Tovin : Jun 6, 2022 8:57:50 AM
An application security risk assessment is a process of identifying, assessing, and managing the...
Roy Blit : May 31, 2022 8:18:08 AM
Configuring security in GitHub correctly can offer strong protection against breaches related to application vulnerabilities. The platform comes with...
Dex Tovin : May 23, 2022 1:41:56 PM
DevOps is a practice used to deliver software and services faster. As more businesses adopt DevOps, they are also adopting DevOps security tools to...
Shay Elmualem : May 16, 2022 8:37:35 AM
DevOps isn’t a new concept. The term was first coined around 2009 by Patrick Debois as a way to describe not only technology and standards, but also...
Shay Elmualem : May 9, 2022 9:11:30 AM
Artifacts, such as container images, are referenced during the development lifecycle using tags – a readable short name (usually a version like...
Noam Dotan : May 2, 2022 10:44:09 AM
In this blog post, we’ll explore a bug we’ve found in a popular third-party action and how in some cases it could lead to your SDLC pipeline being...
Roni Fuchs : Apr 25, 2022 11:15:04 AM
Application Security (AppSec) has been around for decades, but it has fallen behind application development advancements like DevOps and cloud. How...
Roy Blit : Apr 18, 2022 2:02:36 PM
On Friday April 15, GitHub Security announced it had detected the compromise of OAuth access tokens issued to Heroku and Travis-CI integrations to...
Gal Ofri : Apr 11, 2022 6:47:38 AM
SBOM stands for Software Bill Of Materials: a nested description of software artifact components and metadata. This information can also include...
Tor Beer : Apr 6, 2022 7:20:02 AM
On April 1st, GitLab announced Critical Security Release CVE-2022-1162, disclosing a very bizarre vulnerability and illustrating some important...
Noam Dotan : Apr 4, 2022 3:01:54 PM
At Legit Security, we’re focused on preventing software supply chain attacks and securing the SDLC for our customers and the broader cybersecurity...
Nir Bashan : Mar 11, 2022 9:18:44 AM
Exposed secrets in source code pose a risk to you, your team and your entire organization. But what are secrets exactly? How do they become exposed?...
Roni Fuchs : Jan 28, 2022 11:48:00 AM
I'm excited to share that Legit Security is officially launching out of stealth mode. While in stealth, we’ve been incredibly busy acquiring our...
Roy Blit : Jan 21, 2022 9:00:00 AM
You’ve probably heard that software supply chain attacks are increasing rapidly and that the damage can be devastating. Both business and security...
Alex Babar : Jan 14, 2022 1:00:00 PM
For many business executives, familiarity with “software supply chain security” started around December 2020 when global news headlines covered the...
Amit Hofree : Jan 7, 2022 12:30:00 PM
In response to a rapid increase in software supply chain attacks, Security Professionals and Software Development Leaders are increasingly motivated...
