Palo Alto Networks

IaC

How To Prevent the 5 Most Common Software Supply Chain Weaknesses

All software supply chain attacks share a core trait: they allow a threat actor to break into an organization’s IT estate by exploiting software vulnerabilities created by entities other than the organization.

The types of vulnerabilities attackers exploit during supply chain incidents come in many forms, as do the exploitation methods attackers use. Because...

DevSecOps

Secure the Cloud

Jun 13, 2023

By Chris Tozzi

Palo Alto Networks

Products and Services

Partners

Application Security, AppSec

Visualizing Your CI/CD Ecosystem From an Attacker’s Perspective

CI/CD environments and processes are increasingly becoming a key area of focus for both hackers and — consequently — for defenders.

Jun 07, 2023

By Leon Goldberg

Application Security, DevSecOps

Shift Left Secrets Security: How to Prioritize Secrets Risks

As you start developing your secrets security strategy, it’s likely that GitHub repositories’ secrets aren’t top of mind. GitHub — unarguably the de f...

Jun 01, 2023

By Steve Giguere

DevSecOps, Secure the Cloud

Top 6 Considerations for Integrating Cloud Security and GitOps

Since the term was first coined in 2017, GitOps has provided a new operating model for developing, delivering, testing, and deploying cloud-native infrastructure. GitOps and infras...

Apr 27, 2023

By Taylor Smith

DevSecOps

The Top 5 Secrets Management Mistakes and How to Avoid Them

Unknown publicly exposed secrets are almost inevitable for most orgs. Secrets could be anywhere — in your application servers, containerized apps, infrastructure as code (IaC), bus...

Apr 13, 2023

By Nick Sirris

DevSecOps

Enhanced Pull Request Comments: Empower Developers to Ship Code That’s Secu...

Preventing misconfigurations and vulnerabilities from reaching runtime in a manner that doesn’t slow development is challenging. But that’s where pull request (PR) comments come in...

Apr 04, 2023

By Jonathan Bregman

DevSecOps

Top 5 DevSecOps Tools to Help You Ship Secure Code Fast

DevSecOps, or shift left security, is top of mind for many cloud-native teams today. And as the term has grown exponentially, so too has the number of DevSecOps tools and use cases. But all these new additions...

Mar 17, 2023

By Guy Eisenkot and Jonathan Bregman

DevSecOps

How to Think About DevSecOps for a Secure Future

Despite the technological advances of recent years (or perhaps because of them), the number of threats on the internet continues to rise. In fact, a 2022 survey from ThoughtLab found that the number of breaches...

Feb 16, 2023

By Glenn Wilson

Code Security, DevSecOps

It’s Not All Bad! Using Cloud Drift for Teachable Moments

Stack Overflow’s 2021 Developer Survey found that 54% of developers use AWS, yet only 7% use Terraform. That means that far more developers have adopted provisioning, managing and decommissioning cloud infrastr...

Feb 14, 2023

By Taylor Smith

Code Security, DevSecOps

The Key to DevSecOps Success: Cross-Team Knowledge Sharing

A good DevSecOps strategy goes beyond having the right tools and processes in place: it requires consistent and crucially, bi-directional feedback and learning. Both security and e...

Feb 02, 2023

By Taylor Smith

Code Security, DevSecOps

From Manifest to Workload: Embedding Kubernetes Security at Each Phase of t...

Part of the answer is to identify and address security risks within the various components of Kubernetes itself as well as their configurations. You can do this by, for example, va...

Jan 24, 2023

By Chris Tozzi

Code Security, DevSecOps

Exposed Credentials Across the DevSecOps Pipeline: 5 Places Secrets Hide in...

Developers leverage hardcoded credentials to seamlessly access or authenticate the services needed to build and deploy applications. While this practice streamlines development, it...

Jan 17, 2023

By Julia Benson

DevSecOps, Secure the Cloud

Crawl, Walk, Run: Operationalizing Your IaC Security Program

You’ve decided to shift your cloud security left. You researched vendors, evaluated solutions, did a proof of concept and now you’re off the IaC security races.

Jan 10, 2023

By Mike Urbanski

DevSecOps, Secure the Cloud

How To Prevent the IaC Misconfiguration Snowball Effect

The goal with infrastructure as code (IaC) frameworks such as Terraform and CloudFormation is to make infrastructure provisioning more efficient. Through a combination of automation and either imperative or dec...

Jan 03, 2023

By Payton O’Neal

Containers, DevSecOps

Infrastructure Security Advantages of Leveraging Kubernetes

As more and more organizations move away from traditional virtual machines for developing applications, containerization has become the new norm. Containers offer a more modern app...

Nov 22, 2022

By Faith Kilonzi

DevSecOps, Secure the Cloud

Infrastructure as Code Security and AppSec: Streamlined DevSecOps From App ...

Infrastructure as code (IaC) has fundamentally changed the way we build and manage infrastructure. By transforming cloud resources and their configurations into code, IaC allows us...

Nov 15, 2022

By Chris Tozzi

DevSecOps, Secure the Cloud

6 Key Kubernetes DevSecOps Principles: People, Processes, Technology

Container-based application deployment is at its peak, as is the popularity of orchestration platforms like Kubernetes that form the underlying infrastructure for containerized app...

Nov 08, 2022

By Faith Kilonzi

DevSecOps, Secure the Cloud

9 Essential Infrastructure Security Considerations for Kubernetes

Part of the reason why securing Kubernetes can be challenging is that Kubernetes isn’t a single, simple framework. It’s a complex, multi-layered beast. Each layer — from code and c...

Oct 20, 2022

By Chris Tozzi

DevSecOps, Secure the Cloud

Secure Vulnerable Images Found in IaC Templates With Prisma Cloud

Image Referencer extends Prisma Cloud’s existing scanning capabilities to provide more complete visibility into all images that may exist in an application.

Oct 18, 2022

By Taylor Smith

Code Security, DevSecOps

Full-Stack Code Visibility With Prisma Cloud Software Bill of Materials (SB...

When Log4Shell was first reported, companies scrambled to figure out if and how they were affected by the vulnerability. Despite their best efforts, few companies were able to full...

Oct 05, 2022

By Taylor Smith

Cloud Computing, DevSecOps

AppSec and CloudSec 101: Blurring the Lines Between Cloud-Native App Layers

Not too long ago, IT security models were relatively straightforward. They were broken into layers — the infrastructure layer, the application layer, sometimes the network layer, a...

Sep 28, 2022

By Chris Tozzi

Load more blogs