Managing AWS IAM with Terraform - Part 2
In this second part, you will learn how to centralize IAM for multiple AWS accounts, create and use EC2 instance profiles, and implement just-in-time access with Vault.
Thinking Like a Hacker: Abusing Stolen Private Keys
How can an attacker exploit leaked credentials? In this new series, we try to answer this question by imagining plausible attack scenarios. First case: an RSA private key is found in a Docker image.
How to make security policies a team effort
Mark Bichon from Bearer, the SAST solution for mapping sensitive data flows, shares some essential tips to create security policies that don't feel like a development slowdown.
AWS IAM Security Best Practices
Identity and access management is a pillar of security. With the advent of the cloud, it got a lot more complicated. Here is a recap of the best practices to put in place to secure AWS IAM.
Key Highlights From the New NIST SSDF
In this article, we’ll be going over the 1.1 revision of The Secure Software Development Framework that was published earlier this year.
A Brief History of the DMCA
Learn more about the DMCA law and how it applies to digital artifacts like source code.
How To Setup Your Jenkins Pipeline with GitGuardian in Kubernetes
In this tutorial, we will show how to integrate GitGuardian Shield to run on one of the most famous CI tools: Jenkins (with a cool bonus!).
Securing Containers with Seccomp: Part 2
This tutorial will guide you through the setup of a GitHub Action generating a Seccomp filter for your application, a cutting-edge security feature for hardening containerized workloads.
Kubernetes Hardening Tutorial Part 3: Authn, Authz, Logging & Auditing
Learn how to set up an AWS EKS cluster with Terraform and leverage best practices to configure roles, service accounts, logging, and auditing with useful tools.
Data Breach: a 5 Steps Response Plan
A data breach is one of the worst scenarios in today’s enterprise security. What’s your plan to remediate this kind of situation, minimize the impact, and ensure business continuity? Although there is no such thing as a one-size-fits-all tactic, the following steps are crucial to a positive outcome.
Infrastructure as Code - Everything You Need to Know
Infrastructure as Code is slowly but surely becoming norm for organizations that seek automation and faster delivery. Learn the big concepts powering it in this article.
CI Pipelines: 5 Risks to Assess
More and more parts of the software development process can occur without human intervention. However, this is not without its drawbacks. To keep your code and secrets safe, you should add the following security practices to your CI pipeline.
