10 Rules for Better Cloud Security
Cloud security is a shared responsibility and a big challenge. Here are the basic rules to have in mind to set up efficient guardrails.
Supply Chain Attacks: 6 Steps to protect your software supply chain
This article looks at software supply chain attacks, exactly what they are and 6 steps you can follow to protect your software supply chain and limit the impact of a supply chain attack.
Improving the Nation's Cybersecurity — Minimum Testing Standards for Software Vendors (part 2)
Continuing our coverage of the Executive Order on Cybersecurity, let's figure out what are the minimum testing standards for software vendors as depicted by the NIST.
Hardening Your Kubernetes Cluster - Guidelines (Pt. 2)
In this second episode, we will go through the NSA/CISA security recommendations and explain every piece of the guidelines.
Hardening Your Kubernetes Cluster - Threat Model (Pt. 1)
The NSA and CISA recently released a guide on Kubernetes hardening. We'll cover this guide in a three part series. First, let's explore the Threat Model and how it maps to K8s components.
Improving the Nation’s Cybersecurity — What is 'Critical Software' and how should it be secured? (part 1)
The National Institute of Standards and Technology (NIST) under Executive Order (EO) 14028 has launched an initiative to improve the United States Cybersecurity on May 12th, 2021.
Security in Infrastructure as Code with Terraform — Everything You Need to Know
With DevOps, we try to manage our infrastructure using pure code. Since all our infrastructure is managed by code, the security of the code that actually manages the infrastructure is crucial. This article looks at how we can keep our infrastructure as code secure.
Data Security — an Introduction to AWS KMS and HashiCorp Vault
While Vault and KMS share some similarities, for example, they both support encryption, but in general, KMS is more on the app data encryption / infra encryption side, and Vault is more on the secrets management / identity-based access side.
How to safely open-source internal software — Some best practices
On this post we’ll be focusing on a few essentials that should be done before making your project open-source.
File types that most commonly contain sensitive information
As outlined in the State of Secrets Sprawl report, 5 million credentials and other secrets get leaked on Github every year. This is an in-depth look into what file extensions most commonly contain secrets.
How to scan local files for secrets in python using the GitGuardian API
How to scan local files for secrets like API keys and security certificates in python using the GitGuardian API.
8 free security tools every developer should know and use to Shift Left
A list of 8 free must use security tools every developer should know about to help them secure their code and Shift Left.
