Secure-by-Design Software in DevSecOps
In this new series, CJ May shares his expertise in implementing secure-by-design software processes. The second part of his DevSecOps program is all about implementing secure-by-design software pipelines.
Vulnerability Management Lifecycle in DevSecOps
In this new series, CJ May shares his expertise in implementing secure-by-design software processes that empower engineering teams. The first stage of his DevSecOps program: vulnerability management.
How To Respond To An AWS Key Honeytoken Trigger: A Detailed Guide
Learn how to effectively respond to an AWS key honeytoken trigger with this step-by-step guide. Investigate the incident, identify the leak source, secure your environment, and leverage OSINT techniques to protect your AWS infrastructure.
A Guide to Cloud Security Posture Management (CSPM)
What is CSPM? Cloud Security Posture Management is about identifying and remediating security misconfigurations and risks to (IaaS) Infrastructure as a Service or (PaaS) Platform as a service environments.
How to Handle Mobile App Secrets
Learn why storing secrets in mobile apps is a major security risk, how to manage user and developer secrets properly, and why client-side secrecy is impossible. Find out the best practices for securing mobile app secrets and protecting your data.
How SAST Tools Secure AI-generated Code
As AI continues to reshape how code is written and managed, the emphasis on vigilant, security-conscious development practices becomes increasingly crucial. SAST stands as a critical tool in ensuring that the efficiencies gained through AI do not come at the cost of security and reliability.
Securing The Software Delivery Pipeline With Honeytokens
Discover how honeytokens enhance security by detecting breaches in real-time across the software development lifecycle. Learn how to deploy these decoy credentials and traps effectively, bolstering defenses against cyber threats.
Pulumi VS Terraform: The Definitive Guide to Choosing Your IaC Tool
Tiexin Guo Senior DevOps Consultant, Amazon Web Services Author | 4th Coffee In the cloud-native era, Infrastructure as Code (IaC; read more about it in this blog here) has become the de-facto standard for managing cloud infrastructure, and more. While Terraform has been around for
Terraform Project for Managing Vault Secrets in a Kubernetes Cluster
This article uses Kubernetes Secrets as a native Kubernetes component for handling sensitive data at container runtime and Vault as a trusted storage and maintenance solution for sensitive data.
Application Security Posture Management with GitGuardian and ArmorCode
Managing GitGuardian Findings as Part of a Complete Risk-Based Software Security Program with ArmorCode ASPM.
How Honeytokens Can Detect and Stop Black Hat Computer Hackers
Detect & stop black hat hackers with honeytokens. Placed in datasets, these mimic real data, triggering alerts upon interaction. Bolster your cybersecurity now!
How to Become Great at API Key Rotation: Best Practices and Tips
Secret management can be a complex challenge, especially when you are trying to do it in a way that is right for security. Key rotation is a big piece of that puzzle. In this article, we will take you from zero to hero on key rotation.
