Palo Alto Networks

CI/CD Security

The Evolution of Cloud-Native Application Security

Application security refers to the practices and strategies that protect software applications from vulnerabilities, threats and unauthorized access so that organizations can ensure the confidentiality, integrity and availability of their application and its data.

AppSec’s primary goal centers on identifying and mitigating risks that can arise due to design flaws, coding errors or malicious attacks targeting the...

Application Security

AppSec

Aug 09, 2023

By Steve Giguere

Palo Alto Networks

Products and Services

Partners

Application Security, AppSec

Protecting Your Delivery Pipeline: Extensive CI/CD Security with Prisma Clo...

With the rise in attacks on continuous integration and continuous delivery (CI/CD) environments, it’s no surprise that the U.S. Government recently released guidance to help organi...

Jul 27, 2023

By Jonathan Bregman

DevSecOps, Secure the Cloud

Top 3 IAM Risks in Your GitHub Organization

Identity and access management (IAM) has always been an area of focus for organizations, particularly when it comes to source control management systems (SCM). And rightly so — inadequate identity and access ma...

Jul 18, 2023

By Omer Gil and Yaron Avital

CI/CD, DevSecOps

Abusing Repository Webhooks to Access Internal CI/CD Systems at Scale

With the increasing adoption of CI/CD systems, organizations tend to adopt a common CI/CD architecture. This architecture combines SaaS-based source control management systems — su...

Jul 13, 2023

By Omer Gil and Asi Greenholts

Application Security, AppSec

Poisoned Pipeline Execution (PPE): A Technical Deep Dive

Dev environments have become a major part of today’s attack surface. And within them, the most lucrative assets are the systems responsible for CI and CD — those that build, test and deploy code — and typically...

Jun 14, 2023

By Omer Gil

Application Security, AppSec

Visualizing Your CI/CD Ecosystem From an Attacker’s Perspective

CI/CD environments and processes are increasingly becoming a key area of focus for both hackers and — consequently — for defenders.

Jun 07, 2023

By Leon Goldberg

DevSecOps

How to Think About DevSecOps for a Secure Future

Despite the technological advances of recent years (or perhaps because of them), the number of threats on the internet continues to rise. In fact, a 2022 survey from ThoughtLab found that the number of breaches...

Feb 16, 2023

By Glenn Wilson

Code Security, DevSecOps

Exposed Credentials Across the DevSecOps Pipeline: 5 Places Secrets Hide in...

Developers leverage hardcoded credentials to seamlessly access or authenticate the services needed to build and deploy applications. While this practice streamlines development, it...

Jan 17, 2023

By Julia Benson

Cloud Computing, DevSecOps

A Primer on Secure DevOps: Learn the Benefits of These 3 DevSecOps Use Case...

DevSecOps has risen to buzzword status in the past few years, encompassing several shift-left security use cases. And while the word DevSecOps gets thrown around a lot, there are s...

Sep 22, 2022

By Julia Benson

Load more blogs