How To Setup Your Jenkins Pipeline with GitGuardian in Kubernetes
In this tutorial, we will show how to integrate GitGuardian Shield to run on one of the most famous CI tools: Jenkins (with a cool bonus!).
9 Extraordinary Terraform Best Practices That Will Change Your Infra World
This "best practices" article aims to tell you something you haven't read a hundred times. This article won't give you the answer to everything because there isn't one right answer that fits all. It aims to make you think about your unique situation and make the best decisions accordingly.
Kubernetes Hardening Tutorial Part 3: Authn, Authz, Logging & Auditing
Learn how to set up an AWS EKS cluster with Terraform and leverage best practices to configure roles, service accounts, logging, and auditing with useful tools.
Data Breach: a 5 Steps Response Plan
A data breach is one of the worst scenarios in today’s enterprise security. What’s your plan to remediate this kind of situation, minimize the impact, and ensure business continuity? Although there is no such thing as a one-size-fits-all tactic, the following steps are crucial to a positive outcome.
Infrastructure as Code - Everything You Need to Know
Infrastructure as Code is slowly but surely becoming the norm for organizations that seek automation and faster delivery. Learn the big concepts powering it in this article.
Improving the Nation's Cybersecurity — Minimum Testing Standards for Software Vendors (part 2)
Continuing our coverage of the Executive Order on Cybersecurity, let's figure out what the minimum testing standards for software vendors are, as depicted by NIST.
Hardening Your Kubernetes Cluster - Guidelines (Pt. 2)
In this second episode, we will go through the NSA/CISA security recommendations and explain every piece of the guidelines.
Hardening Your Kubernetes Cluster - Threat Model (Pt. 1)
The NSA and CISA recently released a guide on Kubernetes hardening. We'll cover this guide in a three-part series. First, let's explore the Threat Model and how it maps to K8s components.
Improving the Nation’s Cybersecurity — What is 'Critical Software' and how should it be secured? (part 1)
The National Institute of Standards and Technology (NIST) under Executive Order (EO) 14028 has launched an initiative to improve the United States' cybersecurity on May 12th, 2021.
Credential Access - Breaking down the MITRE ATT&CK framework
This article discusses the 15 credential access techniques as outlined in the MITRE ATT&CK framework and provides examples of how attackers have used these techniques as well as preventative measures that can be put in place.
How Adding Security into DevOps Accelerates the SDLC (Pt. 2)
Second part of our guided tour through the SDLC, focusing on the fundamental technology enabling DevOps: the CI pipeline. We will also touch on deployment orchestration, maintenance and incident response.
How Adding Security into DevOps Accelerates the SDLC (Pt. 1)
Part one of a deep dive into SDLC and how it evolved to become what we call DevOps. Let's find out how adding security actually accelerates it.
Security in Infrastructure as Code with Terraform — Everything You Need to Know
With DevOps, we try to manage our infrastructure using pure code. Since all our infrastructure is managed by code, the security of the code that actually manages the infrastructure is crucial. This article looks at how we can keep our infrastructure as code secure.
Data Security — an Introduction to AWS KMS and HashiCorp Vault
While Vault and KMS share some similarities (for example, they both support encryption), in general KMS is more on the app data encryption / infra encryption side, and Vault is more on the secrets management / identity-based access side.