Secrets Management
HMAC Secrets Explained: Authentication You Can Actually Implement
A developer-first guide to implementing HMAC signatures correctly.
MOST POPULAR
all tags
other
Red Team Chronicles Episode 3 - The illusion of the fortress
Building a fortress is a strategy from the past. Mobility, remote working, cloud and SaaS have made the delineation between internal and external networks almost impossible. This episode reviews how attackers use fortress against organizations.
How Adding Security into DevOps Accelerates the SDLC (Pt. 1)
Part one of a deep dive into SDLC and how it evolved to become what we call DevOps. Let's find out how adding security actually accelerates it.
Setting up a pre-commit git hook with ggshield, the GitGuardian CLI.
In this tutorial we are going to run through how to create a pre-commit git hook using GitGuardian Shield to detect secrets before they enter your repository.
Security in Infrastructure as Code with Terraform — Everything You Need to Know
With DevOps, we try to manage our infrastructure using pure code. Since all our infrastructure is managed by code, the security of the code that actually manages the infrastructure is crucial. This article looks at how we can keep our infrastructure as code secure.
Red Team Chronicles Episode 2 - There is no such thing as a “miracle solution”
In episode 2 of the Red Team Chronicles, we talk with Philippe about the one size fits all security claims some vendors make and how hackers use this to get into systems undetected.
Codecov supply chain breach - explained step by step
Codecov recently had a significant breach as attackers were able to put a backdoor into Codecov to get access to customers' sensitive data. This article reviews exactly what happened, how attackers gained access, how they used sensitive information and of course, what to do if you were affected.
Red Team Chronicles Episode 1 - Meet Philippe our offensive security expert
The Red Team Chronicles follows pentester and entrepreneur Philippe as we look into his hacking playbook. In episode one, we look at how Philippe started his journey to become a pentester.
CISO Live - Yury Koldobanov from Mirantis
Mirantis helps organizations ship code faster on public and private clouds. Director of IT Yury Koldobanov at Mirantis explains how GitGuardian helps them keep their code secure.
Initial Access Techniques - MITRE ATT&CK
This article discusses the 9 initial access techniques as outlined in the MITRE ATT&CK framework and provides examples of how attackers have used these techniques as well as preventative measures that can be put in place.
The journey to becoming a backend engineer at GitGuardian
Samuel is a backend engineer working on expanding PII detection within GitGuardian's secrets team. Samuel studied software engineering at EISTI in Paris specializing in cybersecurity and shared with us the journey he took to work at GitGuardian.
Data Security — an Introduction to AWS KMS and HashiCorp Vault
While Vault and KMS share some similarities, for example, they both support encryption, but in general, KMS is more on the app data encryption / infra encryption side, and Vault is more on the secrets management / identity-based access side.
Highlights from the 2021 RSA conference - The modern day bank heists
The modern day bank heists illustrates high-level concepts around security and promotes a change in how we think about security, build defense systems and react to active threats.
