Pipeline Integrity and Security in DevSecOps
Last episode of C.J. May's series on implementing a DevSecOps program: how to harden your software delivery pipelines to maintain robust security measures.
Open-Source Software Security
Open-source software security is crucial in today's cloud-native world. Learn about vulnerabilities, dependencies, and tools to improve security in this in-depth blog post.
Secure-by-Design Software in DevSecOps
In this new series, CJ May shares his expertise in implementing secure-by-design software processes. The second part of his DevSecOps program is all about implementing secure-by-design software pipelines.
Vulnerability Management Lifecycle in DevSecOps
In this new series, CJ May shares his expertise in implementing secure-by-design software processes that empower engineering teams. The first stage of his DevSecOps program: vulnerability management.
How To Respond To An AWS Key Honeytoken Trigger: A Detailed Guide
Learn how to effectively respond to an AWS key honeytoken trigger with this step-by-step guide. Investigate the incident, identify the leak source, secure your environment, and leverage OSINT techniques to protect your AWS infrastructure.
A Guide to Cloud Security Posture Management (CSPM)
What is CSPM? Cloud Security Posture Management is about identifying and remediating security misconfigurations and risks to (IaaS) Infrastructure as a Service or (PaaS) Platform as a service environments.
How to Handle Mobile App Secrets
Learn why storing secrets in mobile apps is a major security risk, how to manage user and developer secrets properly, and why client-side secrecy is impossible. Find out the best practices for securing mobile app secrets and protecting your data.
How SAST Tools Secure AI-generated Code
As AI continues to reshape how code is written and managed, the emphasis on vigilant, security-conscious development practices becomes increasingly crucial. SAST stands as a critical tool in ensuring that the efficiencies gained through AI do not come at the cost of security and reliability.
Securing The Software Delivery Pipeline With Honeytokens
Discover how honeytokens enhance security by detecting breaches in real-time across the software development lifecycle. Learn how to deploy these decoy credentials and traps effectively, bolstering defenses against cyber threats.
Pulumi VS Terraform: The Definitive Guide to Choosing Your IaC Tool
Tiexin Guo Senior DevOps Consultant, Amazon Web Services Author | 4th Coffee In the cloud-native era, Infrastructure as Code (IaC; read more about it in this blog here) has become the de-facto standard for managing cloud infrastructure, and more. While Terraform has been around for
Terraform Project for Managing Vault Secrets in a Kubernetes Cluster
This article uses Kubernetes Secrets as a native Kubernetes component for handling sensitive data at container runtime and Vault as a trusted storage and maintenance solution for sensitive data.
Application Security Posture Management with GitGuardian and ArmorCode
Managing GitGuardian Findings as Part of a Complete Risk-Based Software Security Program with ArmorCode ASPM.
