Kubernetes Hardening Tutorial Part 2: Network
How to achieve Control Plane security, true resource separation with network policies, and use Kubernetes Secrets more securely.
Kubernetes Hardening Tutorial Part 1: Pods
Get a deeper understanding of Kubernetes Pods security with this first tutorial.
CISO Roadmap: The First 90 Days
Come away with a game plan for strengthening your information security program.
What’s new in the 2021 OWASP Top10?
The famous list of the top 10 web applications vulnerabilities just got updated for the first time since 2017. Let's find out what the most surprising changes are.
Improving the Nation's Cybersecurity — Minimum Testing Standards for Software Vendors (part 2)
Continuing our coverage of the Executive Order on Cybersecurity, let's figure out what are the minimum testing standards for software vendors as depicted by the NIST.
Hardening Your Kubernetes Cluster - Guidelines (Pt. 2)
In this second episode, we will go through the NSA/CISA security recommendations and explain every piece of the guidelines.
Hardening Your Kubernetes Cluster - Threat Model (Pt. 1)
The NSA and CISA recently released a guide on Kubernetes hardening. We'll cover this guide in a three part series. First, let's explore the Threat Model and how it maps to K8s components.
Improving the Nation’s Cybersecurity — What is 'Critical Software' and how should it be secured? (part 1)
The National Institute of Standards and Technology (NIST) under Executive Order (EO) 14028 has launched an initiative to improve the United States Cybersecurity on May 12th, 2021.
Shift your CI to GitHub Actions
Learn how to build a modern CI pipeline using GitHub Actions to achieve testing, building, and pushing Docker images. Harden your pipeline by scanning for leaked secrets and credentials with the help of GitGuardian's gg-shield action.
NIST's recommendations for secure DevSecOps
Get a taste of NIST's upcoming value propositions and steps to help companies produce secure software by our cybersecurity specialist Shimon Brathwaite.
Credential Access - Breaking down the MITRE ATT&CK framework
This article discusses the 15 credential access techniques as outlined in the MITRE ATT&CK framework and provides examples of how attackers have used these techniques as well as preventative measures that can be put in place.
How Adding Security into DevOps Accelerates the SDLC (Pt. 2)
Second part of our guided tour through the SDLC, focusing on the fundamental technology enabling DevOps: the CI pipeline. We will also touch on deployment orchestration, maintenance and incident response.
