Engineering
How We Migrated the Heart of Our Platform to Rust
By rewriting our secret detection engine in Rust, we made our engine more than three times as fast. But not without making it four times slower along the way.
MOST POPULAR
all tags
other
DEF CON 32: What We Learned About Secrets Security at AppSec Village
At DEF CON 32's AppSec Village, we explored secrets security challenges, answered common questions, and shared how to detect and handle hidden credentials effectively.
From False Positives to Potential Breaches: The Risks of Prematurely Closing Incidents
Ignoring low-risk secrets in GitGuardian? This could be a costly mistake. Learn how to avoid the hidden dangers of prematurely closing incidents.
Dependency Confusion Attacks and Prevention: Register Your Private Package Names
Dependency confusion attacks exploit gaps in your software supply chain. Dive into modern dependency management and learn how to defend your systems with best practices.
Hot Takes and Cool Strategies: BSides Las Vegas 2024
Experience the heat of innovation at BSides Las Vegas 2024, where cybersecurity experts tackle AI security, passwordless solutions, and zero-downtime credential rotation.
The Secrets of the New York Times Source Code Breach
The New York Times had their entire codebase leaked. In this article we explore what was inside that code, how the leak happened and what the risk for the New York Times going forward is. (Spoiler we found thousands of secrets).
Always Be Updating: Why Regular Patching Is Non-Negotiable in DevSecOps
DevSecOps Engineer Gene Gotimer explains why constant software dependency updates are crucial for security in DevSecOps practices.
Agile2024: Making Sure Security Is Part Of Our Processes
What does Agile have to do with improving security? A lot! Explore highlights from Agile2024, including technical health, productive meetings, and addressing shadow IT.
Making Sense of Open-Source Vulnerability Databases: NVD, OSV, and more
Essential reading for developers and security professionals alike: a comprehensive comparison of vulnerability databases to help you cut through the noise.
Securing Containers with Seccomp
In this article we present a novel way to protect your container applications post-exploitation. This additional protection is called Seccomp-BPF.
Better Security and Performance For Free? Why PostgreSQL is Amazing
Upgrade your PostgreSQL instance to the newest version with confidence! In this benchmarking blog post, we show you the performance improvements you can expect when upgrading from PostgreSQL 13 to 16.
CodeSecDays 2024: A Deep Dive in Software Supply Chain Security
Explore key insights from CodeSecDays 2024 on software supply chain security. Learn about AI in DevSecOps, SLSA frameworks, developer-security collaboration, and secrets management. Discover strategies for a more secure digital future.
