Using Your CI/CD Pipeline To Prevent Your App From Getting Hacked

How Hackers Attack

Injection attacks

'+OR+1=1--

SELECT * FROM products WHERE category = 'Gifts' OR 1=1--' AND released = 1

The payload closes the string literal, adds a condition that is always true, and the -- turns the rest of the statement (including the released = 1 filter) into a comment, so unreleased products are returned as well.

Broken authentication

Sensitive data leaks

XML external entities

Broken access control

Security misconfiguration

Cross-site scripting

window.location = "" + document.cookie

An injected script like this sends the victim's session cookie to an attacker-controlled address (left blank here).
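Both payloads above work for the same reason: user input is concatenated into text that another parser (the database, the browser) then interprets. The following is an added example, not code from the original post, that feeds the page's two payloads into a concatenating sink and into its fixed counterpart. The SQL placeholder style, the helper names and the effectiveStatement helper are assumptions made here for illustration; it runs under Node with no dependencies.

```javascript
// Added example (not code from the original post): the two injection payloads
// shown on the page, each fed into a sink that concatenates user input and
// into its fixed counterpart. Plain Node, no dependencies.

// ---- SQL injection --------------------------------------------------------

// The page's payload as it appears in a query string ('+' encodes a space).
const injectedCategory = new URLSearchParams("category=Gifts'+OR+1=1--").get("category");
// -> "Gifts' OR 1=1--"

// Vulnerable: the value is pasted into the SQL text, so the quote and the
// "--" comment marker inside it are parsed as SQL, not as data.
function buildProductQueryUnsafe(category) {
  return `SELECT * FROM products WHERE category = '${category}' AND released = 1`;
}

// Fixed: the SQL text is a constant and the value is sent as a bound
// parameter. "$1" is the placeholder style of node-postgres; the mysql and
// sqlite drivers use "?". Your code never splices the value into the text.
function buildProductQuerySafe(category) {
  return {
    text: "SELECT * FROM products WHERE category = $1 AND released = 1",
    values: [category],
  };
}

// Hypothetical helper (illustration only): what the engine evaluates once a
// "--" outside a string literal comments out the rest of the line. Tracks
// single-quoted strings so the apostrophes around 'Gifts' are handled.
function effectiveStatement(sql) {
  let inString = false;
  for (let i = 0; i < sql.length; i++) {
    const ch = sql[i];
    if (ch === "'") {
      inString = !inString;
    } else if (!inString && ch === "-" && sql[i + 1] === "-") {
      return sql.slice(0, i).trimEnd();
    }
  }
  return sql;
}

// ---- Cross-site scripting -------------------------------------------------

// Cookie-stealing payload from the page; the attacker URL is empty here as it
// is in the original.
const xssPayload = '<script>window.location = "" + document.cookie</script>';

// Vulnerable: a user-supplied name is concatenated into HTML, so a <script>
// element in the name runs in every visitor's browser.
function greetingHtmlUnsafe(name) {
  return `<p>Hello, ${name}!</p>`;
}

// Fixed for element-content context: encode the characters that can change
// HTML structure. Attribute, URL and JavaScript contexts need their own
// encoders; a template engine that escapes by default does this for you.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

function greetingHtmlSafe(name) {
  return `<p>Hello, ${escapeHtml(name)}!</p>`;
}

console.log("unsafe SQL :", buildProductQueryUnsafe(injectedCategory));
console.log("evaluated  :", effectiveStatement(buildProductQueryUnsafe(injectedCategory)));
console.log("safe SQL   :", buildProductQuerySafe(injectedCategory));
console.log("unsafe HTML:", greetingHtmlUnsafe(xssPayload));
console.log("safe HTML  :", greetingHtmlSafe(xssPayload));
```

The unsafe builder reproduces the exact statement shown above, and the evaluated form shows that the released = 1 filter is gone; the safe builder keeps the same apostrophe-laden string as data. The same split applies to HTML: encode at the point of output, in the context you are writing into.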

Insecure deserialization

Using packages with known vulnerabilities

Not enough logging and monitoring

How to Prevent Attacks Using Your CI/CD Pipeline

"buildpacks": [
"url": "heroku/nodejs"
"environments": {
"test": {
"scripts": {
"test-setup": "npm install -g snyk retire",
"test": "snyk auth $SNYK_TOKEN && snyk test && retire && npm test"
Heroku Flow view
Tests running in Heroku CI
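The test script above fails the build on any finding, which is the right default but can leave a team stuck on a low-severity advisory with no upstream fix. The following is an added example, not from the original post and not part of Snyk or retire.js, of a gate that fails at or above a chosen severity and honours a time-boxed allowlist. It assumes the "vulnerabilities" map that npm audit --json emits (auditReportVersion 2); the sample report, the allowlist and the package names in it are constructed for the example.

```javascript
// Added example, not from the original post and not part of Snyk or retire.js:
// a severity gate for the dependency-scanning step. The page's test script
// fails the build on any finding; this script fails at or above a chosen
// severity and honours a time-boxed allowlist, so a triaged low-risk advisory
// does not block every deploy until the upstream fix lands. The report shape
// follows the "vulnerabilities" map that `npm audit --json` emits
// (auditReportVersion 2); the sample report and allowlist below are
// constructed, and the package names are invented.

const SEVERITY_RANK = { info: 0, low: 1, moderate: 2, high: 3, critical: 4 };

// Exceptions expire: a reviewer must renew them consciously instead of a
// silenced finding living on forever. Dates are ISO strings, compared as such.
const ALLOWLIST = [
  { name: "example-archiver", until: "2024-12-31", reason: "build-time only, not in the shipped bundle" },
];

function isAllowed(name, allowlist, today) {
  return allowlist.some((e) => e.name === name && today <= e.until);
}

// Returns { ok, failures, allowed }. Unknown severities fail closed.
function evaluateAudit(report, options = {}) {
  const {
    threshold = "high",
    allowlist = [],
    today = new Date().toISOString().slice(0, 10),
  } = options;
  const minRank = SEVERITY_RANK[threshold];
  const failures = [];
  const allowed = [];
  for (const [name, v] of Object.entries(report.vulnerabilities || {})) {
    const rank = SEVERITY_RANK[v.severity];
    if (rank === undefined) {
      failures.push({ name, severity: String(v.severity), reason: "unknown severity" });
      continue;
    }
    if (rank < minRank) continue;
    if (isAllowed(name, allowlist, today)) {
      allowed.push(name);
      continue;
    }
    failures.push({ name, severity: v.severity, fixAvailable: Boolean(v.fixAvailable) });
  }
  return { ok: failures.length === 0, failures, allowed };
}

// Constructed sample in the npm audit v2 shape (only the fields used here).
const SAMPLE_REPORT = {
  auditReportVersion: 2,
  vulnerabilities: {
    "example-parser":   { name: "example-parser",   severity: "moderate", isDirect: false, fixAvailable: true },
    "example-archiver": { name: "example-archiver", severity: "high",     isDirect: false, fixAvailable: true },
    "example-crypto":   { name: "example-crypto",   severity: "critical", isDirect: true,  fixAvailable: false },
  },
};

// In CI, replace SAMPLE_REPORT with JSON.parse(fs.readFileSync(0, "utf8")),
// run `npm audit --json | node audit-gate.js`, and set
// process.exitCode = result.ok ? 0 : 1 so the && chain in the test script stops.
const result = evaluateAudit(SAMPLE_REPORT, { threshold: "high", allowlist: ALLOWLIST, today: "2024-06-01" });
console.log(JSON.stringify(result, null, 2));
```

With the sample data the moderate finding is below the threshold, the high one is covered by an unexpired exception, and the critical one fails the gate. The same logic applies to Snyk's JSON output with a small change to the field names; the important properties are that unknown input fails closed and that exceptions carry an expiry and a reason.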




Other Considerations

  • Optimize your build time so deploys to production happen quickly: keep the build small and install only the tools you need. A slow pipeline is one people start to work around.
  • Keep parity across all of your environments. Developers and QA testing against staging learn the most when it is as close to production as possible, including the same dependency versions and configuration.
  • Don't check secrets and credentials into version control. Make every PR pass a review or an automated check for this before it is merged; once a secret has been merged it is in the repository history, deleting the file does not remove it, and the credential has to be rotated.
  • Make the pipeline the only way to deploy changes to production, so that you always know when code changes are released and that every release has passed the same tests and scans.
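One automated check for the secrets point, as an added example that is not part of the original post: scan only the lines a pull request adds, fail the merge on anything shaped like a credential, and report the location without echoing the value into CI logs. The patterns are well-known token formats plus a generic "password = '...'" shape, the helper names are assumptions made here, and the sample diff is constructed (the AWS key in it is the documented AKIAIOSFODNN7EXAMPLE placeholder, not a real key).

```javascript
// Added example, not from the original post: a pre-merge check that fails a
// pull request when the diff adds something shaped like a credential. Only
// added lines are scanned, so existing history is not re-reported, and the
// report names the pattern and location but never echoes the matched value
// into CI logs. The sample diff is constructed; the AWS key in it is the
// documented AKIAIOSFODNN7EXAMPLE placeholder.

const SECRET_PATTERNS = [
  { id: "aws-access-key-id", re: /\bAKIA[0-9A-Z]{16}\b/ },
  { id: "github-token", re: /\bgh[pousr]_[A-Za-z0-9]{36,}\b/ },
  { id: "private-key", re: /-----BEGIN (?:RSA |EC |OPENSSH |DSA )?PRIVATE KEY-----/ },
  { id: "generic-assignment", re: /\b(?:password|passwd|secret|api[_-]?key|token)\b\s*[:=]\s*['"][^'"]{8,}['"]/i },
];

// Scans a unified diff (git diff output) and returns
// [{ file, line, pattern }] for every added line that matches a pattern.
// Line numbers refer to the new version of the file.
function scanDiff(diffText) {
  const findings = [];
  let file = null;
  let newLine = 0;
  for (const raw of diffText.split("\n")) {
    if (raw.startsWith("+++ ")) {                    // new-file header
      file = raw.slice(4).replace(/^b\//, "");
      continue;
    }
    if (raw.startsWith("--- ") || raw.startsWith("diff ")) continue;
    const hunk = /^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@/.exec(raw);
    if (hunk) {                                      // hunk header: reset counter
      newLine = Number(hunk[1]);
      continue;
    }
    if (raw.startsWith("\\")) continue;              // "\ No newline at end of file"
    if (raw.startsWith("-")) continue;               // removed line: no new-file number
    if (raw.startsWith("+")) {
      const content = raw.slice(1);
      for (const p of SECRET_PATTERNS) {
        if (p.re.test(content)) findings.push({ file, line: newLine, pattern: p.id });
      }
    }
    newLine += 1;                                    // added or context line
  }
  return findings;
}

// Constructed sample: one file gains a hard-coded AWS access key id, a second
// file only mentions a variable name, which must not trigger a finding.
const SAMPLE_DIFF = [
  "diff --git a/config/prod.js b/config/prod.js",
  "--- a/config/prod.js",
  "+++ b/config/prod.js",
  "@@ -1,3 +1,5 @@",
  " module.exports = {",
  "-  region: \"us-east-1\",",
  "+  region: \"us-east-1\",",
  "+  accessKeyId: \"AKIAIOSFODNN7EXAMPLE\",",
  "+  secretAccessKey: process.env.AWS_SECRET_ACCESS_KEY,",
  " };",
  "diff --git a/README.md b/README.md",
  "--- a/README.md",
  "+++ b/README.md",
  "@@ -10,2 +10,3 @@",
  " ## Configuration",
  "+Set API_TOKEN in the environment; never commit it.",
  " ",
].join("\n");

const sampleFindings = scanDiff(SAMPLE_DIFF);
for (const f of sampleFindings) console.log(`${f.file}:${f.line}: possible ${f.pattern}`);
// In CI: git diff origin/main...HEAD | node secret-check.js, then set
// process.exitCode = sampleFindings.length ? 1 : 0 to block the merge.
```

A check like this catches the common cases cheaply; a dedicated scanner with entropy checks and a larger pattern set is the next step, and neither replaces rotating any credential that does reach the history.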



