Making Sense of Open-Source Vulnerability Databases: NVD, OSV, and more
Essential reading for developers and security professionals alike: a comprehensive comparison of vulnerability databases to help you cut through the noise.
Securing Containers with Seccomp
In this article we present a novel way to protect your container applications post-exploitation. This additional protection is called Seccomp-BPF.
The Runtime Secrets' Security Gap
The last mile in secrets security is securing secrets in workloads. Discover a new way to securely deliver encrypted secrets in your infrastructure with innovative open-source tools, and say goodbye to plaintext secrets.
Managing AWS IAM with Terraform
Get started with IAM by using Terraform to create users, groups, and policies.
Container Security Scanning: Vulnerabilities, Risks and Tooling
Container security is crucial in the age of microservices and DevOps. Learn about common container vulnerabilities, container security scanning, and popular tools to secure your containers in this comprehensive guide.
How to Handle Secrets in Jupyter Notebooks
From entering passwords with getpass to using secret managers like AWS Secrets Manager, this guide covers best practices for protecting sensitive information in your notebooks.
Pipeline Integrity and Security in DevSecOps
Last episode of C.J. May's series on implementing a DevSecOps program: how to harden your software delivery pipelines to maintain robust security measures.
Open-Source Software Security
Open-source software security is crucial in today's cloud-native world. Learn about vulnerabilities, dependencies, and tools to improve security in this in-depth blog post.
Secure-by-Design Software in DevSecOps
In this new series, CJ May shares his expertise in implementing secure-by-design software processes. The second part of his DevSecOps program is all about implementing secure-by-design software pipelines.
Vulnerability Management Lifecycle in DevSecOps
In this new series, CJ May shares his expertise in implementing secure-by-design software processes that empower engineering teams. The first stage of his DevSecOps program: vulnerability management.
How To Respond To An AWS Key Honeytoken Trigger: A Detailed Guide
Learn how to effectively respond to an AWS key honeytoken trigger with this step-by-step guide. Investigate the incident, identify the leak source, secure your environment, and leverage OSINT techniques to protect your AWS infrastructure.
A Guide to Cloud Security Posture Management (CSPM)
What is CSPM? Cloud Security Posture Management is about identifying and remediating security misconfigurations and risks to (IaaS) Infrastructure as a Service or (PaaS) Platform as a service environments.
