The U.S. Department of the Treasury suffered a major security incident when a Chinese threat actor compromised its third-party cybersecurity service BeyondTrust. The attackers obtained an API key that allowed them to bypass security measures and access unclassified documents.
Takeaways from OWASP Global AppSec SF 2024, covering security tools, AI risks, and strategies for improving application security while empowering developers.
Worried about GitHub Copilot’s security and privacy concerns? Learn about potential risks and best practices to protect yourself and your organization while leveraging AI.
Learn how GitGuardian can help you go from a world of secrets sprawl to a future with secrets-free machine identity frameworks by adopting SPIFFE/SPIRE.
Exciting news! Our first book, "Crafting Secure Software," is now available. Learn how to embed security throughout the SDLC, mitigate risks, and foster a security culture. Get your copy today and level up your software security game!
Discover how exposed your company is on public GitHub, anonymously and for free.
![Honeytokens [Security Zines]](/content/images/size/w600/2024/09/Honeytokens.png)
Buckle up, buttercup, because we're about to dive into the sticky-sweet world of honeytokens!
Discover ggshield's latest enhancements, allowing you to craft custom remediation messages, format scan results in SARIF, and help you better shift left for secrets security.
Learn the best practices for handling secrets in Go in the cloud-native ecosystem.
Key insights and defense strategies were shared at Blue Team Con 2024 in Chicago, where defenders gathered to advance their skills for fighting today’s toughest threats.
Credentials are prime targets for attackers, as they make it easy to access resources as legitimate users without discovering vulnerabilities or using technical exploits. Malware authors know how interesting these low-hanging fruits are and are coming after your secrets!
Have you heard about SOPS? If you have already been in a situation where you needed to share sensitive information with your teammates, this is for you. Today, let's have a look at how it works and how to use it with various key management services such as AWS KMS and HashiCorp Vault.
Using multiple cloud service providers isn't all benefits, it has its challenges. Today, let's have a look at multicloud: What it is, what are the challenges, especially security challenges, and what are the best practices towards a secure multicloud architecture.
GitGuardian is the code security platform for
the DevOps generation.
With automated secrets detection and
remediation, our platform enables Dev, Sec, and Ops to advance together
towards the Secure Software Development Lifecycle.
Subscribe to our newsletter to receive the latest content and updates from GitGuardian.
