DevSecOps Credential Access - Breaking down the MITRE ATT&CK framework This article discusses the 15 credential access techniques as outlined in the MITRE ATT&CK framework and provides examples of how attackers have used these techniques as well as preventative measures that can be put in place.
DevSecOps How Adding Security into DevOps Accelerates the SDLC (Pt. 2) Second part of our guided tour through the SDLC, focusing on the fundamental technology enabling DevOps: the CI pipeline. We will also touch on deployment orchestration, maintenance and incident response.
DevSecOps How Adding Security into DevOps Accelerates the SDLC (Pt. 1) Part one of a deep dive into SDLC and how it evolved to become what we call DevOps. Let's find out how adding security actually accelerates it.
DevSecOps Initial Access Techniques - MITRE ATT&CK This article discusses the 9 initial access techniques as outlined in the MITRE ATT&CK framework and provides examples of how attackers have used these techniques as well as preventative measures that can be put in place.
Best practices Data Security — an Introduction to AWS KMS and HashiCorp Vault While Vault and KMS share some similarities, for example, they both support encryption, but in general, KMS is more on the app data encryption / infra encryption side, and Vault is more on the secrets management / identity-based access side.
DevSecOps An Introduction to DevSecOps - Tackling Security with DevOps & Why It Accelerates Your SDLC This article introduces DevSecOps, making security part of the entire software development process. It outlines why having a DevSecops approach not only makes the software more secure but also why it can speed up the development process.
DevSecOps Shift Left - Moving security to the development phase - the case of secrets detection in code repositories With the expansion of the DevOps and DevSecOps models, the concept of “shift left” in the context of the development lifecycle has become quite popular. This article looks at practical ways organizations implement a Shift Left approach to development.
DevSecOps A Comprehensive Application Security Program - What it should include Application security, known as AppSec, has become an extremely important part of the security program. This article looks at what makes a mature and comprehensive AppSec program.
DevSecOps GitOps - an extension of DevOps for modern infrastructure management GitOps is an evolution of infrastructure as code, a framework that can drastically improve deployment speed and developer efficiency. Here we run through exactly what GitOps is and how to practically implement it.
DevSecOps DevSecOps Glossary A helpful glossary of common terms and definitions used in DevSecOps explained with amusing comics.
DevSecOps Git hooks - pre-commit, post-commit, post-receive Automated secrets detection in your software development lifecycleDevelop fast, and secure things! Git hooks are extremely useful in the journey to replace as much of the human factor in the
