Sponsored by CYCODE
While details of the SolarWinds exploit, and subsequent breaches of FireEye, that comprised The U.S. Treasury and Department of Commerce are still unfolding, several lessons are becoming clear.
Whatever we assume is secure becomes insecure. As the SDLC evolves our behaviors and processes change, which shifts the landscape and upends previous assumptions. This creates fissures in our security postures that, when exploited, can provide deep access to attackers precisely because security was previously assumed.
The SolarWinds exploit likely was the result of a breach of their development infrastructure that was so deep it allowed the attackers to compromise the integrity of SolarWinds’ production releases without detection. Hence, SolarWinds continue to sign their binaries with certificates for months and their customers unknowingly ingested the attacker's malicious code. Historically, development infrastructure was presumed secure because few people had access to it and the infrastructure itself was relatively low value. However, modern development models embrace agility and transparency, which means a culture of providing easy access to many.
This webinar will focus on the top six AppSec learnings from the SolarWinds incident and will provide concrete steps that every organization can take to ensure the integrity of releases and development infrastructure.