Sponsored by CYCODE
Code tampering is a software company’s worst nightmare. Unfortunately, 2021 is the year this nightmare came true for many organizations. In fact, code tampering has led to major supply chain attacks nearly every month: SolarWinds, Accellion, Mimecast, Click Studios, PHP, CodeCov and Kaseya.
These incidents make it clear that attackers are targeting DevOps tools and infrastructure just as much as they are production applications. Attackers are now looking for any entry point into the victim’s SDLC and then expanding laterally across each phase to tamper with code and push it live into production without detection. Ironically, DevOps automation that increases release efficiency also makes it easier for attackers to move laterally in this way, as each system becomes more tightly interconnected.
After an overview of code tampering and an overview of lessons learned from recent incidents, this webinar will propose a four-pillar approach to reducing code tampering risk: