Best practices Data Breach: a 5 Steps Response Plan A data breach is one of the worst scenarios in today’s enterprise security. What’s your plan to remediate this kind of situation, minimize the impact, and ensure business continuity? Although there is no such thing as a one-size-fits-all tactic, the following steps are crucial to a positive outcome.
DevSecOps Infrastructure as Code - Everything You Need to Know Infrastructure as Code is slowly but surely becoming norm for organizations that seek automation and faster delivery. Learn the big concepts powering it in this article.
Best practices CI Pipelines: 5 Risks to Assess More and more parts of the software development process can occur without human intervention. However, this is not without its drawbacks. To keep your code and secrets safe, you should add the following security practices to your CI pipeline.
Tutorials Kubernetes Hardening Tutorial Part 2: Network How to achieve Control Plane security, true resource separation with network policies, and use Kubernetes Secrets more securely.
Tutorials Kubernetes Hardening Tutorial Part 1: Pods Get a deeper understanding of Kubernetes Pods security with this first tutorial.
CISO Roadmap CISO Roadmap: The First 90 Days Come away with a game plan for strengthening your information security program.
Cybersecurity frameworks and regulation What’s new in the 2021 OWASP Top10? The famous list of the top 10 web applications vulnerabilities just got updated for the first time since 2017. Let's find out what the most surprising changes are.
Cybersecurity frameworks and regulation Improving the Nation's Cybersecurity — Minimum Testing Standards for Software Vendors (part 2) Continuing our coverage of the Executive Order on Cybersecurity, let's figure out what are the minimum testing standards for software vendors as depicted by the NIST.
Best practices Hardening Your Kubernetes Cluster - Guidelines (Pt. 2) In this second episode, we will go through the NSA/CISA security recommendations and explain every piece of the guidelines.
Best practices Hardening Your Kubernetes Cluster - Threat Model (Pt. 1) The NSA and CISA recently released a guide on Kubernetes hardening. We'll cover this guide in a three part series. First, let's explore the Threat Model and how it maps to K8s components.
Cybersecurity frameworks and regulation Improving the Nation’s Cybersecurity — What is 'Critical Software' and how should it be secured? (part 1) The National Institute of Standards and Technology (NIST) under Executive Order (EO) 14028 has launched an initiative to improve the United States Cybersecurity on May 12th, 2021.
Tutorials Shift your CI to GitHub Actions Learn how to build a modern CI pipeline using GitHub Actions to achieve testing, building, and pushing Docker images. Harden your pipeline by scanning for leaked secrets and credentials with the help of GitGuardian's gg-shield action.
DevSecOps NIST's recommendations for secure DevSecOps Get a taste of NIST's upcoming value propositions and steps to help companies produce secure software by our cybersecurity specialist Shimon Brathwaite.
Cybersecurity frameworks and regulation Credential Access - Breaking down the MITRE ATT&CK framework This article discusses the 15 credential access techniques as outlined in the MITRE ATT&CK framework and provides examples of how attackers have used these techniques as well as preventative measures that can be put in place.
DevSecOps How Adding Security into DevOps Accelerates the SDLC (Pt. 2) Second part of our guided tour through the SDLC, focusing on the fundamental technology enabling DevOps: the CI pipeline. We will also touch on deployment orchestration, maintenance and incident response.
DevSecOps How Adding Security into DevOps Accelerates the SDLC (Pt. 1) Part one of a deep dive into SDLC and how it evolved to become what we call DevOps. Let's find out how adding security actually accelerates it.
Best practices Security in Infrastructure as Code with Terraform — Everything You Need to Know With DevOps, we try to manage our infrastructure using pure code. Since all our infrastructure is managed by code, the security of the code that actually manages the infrastructure is crucial. This article looks at how we can keep our infrastructure as code secure.
DevSecOps Initial Access Techniques - MITRE ATT&CK This article discusses the 9 initial access techniques as outlined in the MITRE ATT&CK framework and provides examples of how attackers have used these techniques as well as preventative measures that can be put in place.
Best practices Data Security — an Introduction to AWS KMS and HashiCorp Vault While Vault and KMS share some similarities, for example, they both support encryption, but in general, KMS is more on the app data encryption / infra encryption side, and Vault is more on the secrets management / identity-based access side.
DevSecOps An Introduction to DevSecOps - Tackling Security with DevOps & Why It Accelerates Your SDLC This article introduces DevSecOps, making security part of the entire software development process. It outlines why having a DevSecops approach not only makes the software more secure but also why it can speed up the development process.
CISO Roadmap A Comprehensive Application Security Program - What should you include Application security, known as AppSec, has become an extremely important part of the security program. This article looks at what makes a mature and comprehensive AppSec program.
Cheat sheets Rewriting your git history, removing files permanently [cheat sheet included] You know that adding secrets to your git repository (even a private one) is a bad idea, because doing so risks exposing confidential information to the world. But mistakes were
![Rewriting your git history, removing files permanently [cheat sheet included]](/content/images/size/w600/2020/12/20W22-BLOG-Banner-BestPractices-Final.png)
