7 Tips for Securing the Software Development Environment
Recent attacks have highlighted the need for organizations to pay closer attention to the hardware, software, and networks used in software development.
August 24, 2021
The attack disclosed by SolarWinds last December and others like the one on Codecov earlier this year focused a lot of attention on how organizations can mitigate risks via the software supply chain. Considerably less attention has been paid, however, to how organizations can protect their own software development and testing environments against similar breaches.
As the attacks demonstrated, software development environments are an attractive target for threat actors. Protecting these environments is critical to reducing the risk of an attacker carrying out a variety of potentially different actions. This can include stealing encryption and access keys, passwords, and intellectual property, according to the UK National Cyber Security Centre (NCSC).
Other risks include attackers embedding malicious code into a development project, using a development system to attack the build and software deployment pipeline, and harvesting information on how sensitive applications work for use in future attacks, the NCSC has noted.
Following are seven tips for protecting your development environment and continuous integration/continuous development (CI/CD) pipeline against attacks and compromises.
About the Author(s)
You May Also Like
Why Effective Asset Management is Critical to Enterprise Cybersecurity
May 21, 2024Finding Your Way on the Path to Zero Trust
May 22, 2024Extending Access Management: Securing Access for all Identities, Devices, and Applications
June 4, 2024Assessing Software Supply Chain Risk
June 6, 2024Preventing Attackers From Wandering Through Your Enterprise Infrastructure
June 19, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024