DevSecOps

A collection of 70 posts

Secure Your Secrets with .env

Secure Your Secrets with .env

Using environment variables to store secrets instead of writing them directly into your code is one of the quickest and easiest ways to add a layer of protection to your projects.

Dynamic Application Security Testing: Benefits, Pitfalls, and Top Open-Source Solutions

Dynamic Application Security Testing: Benefits, Pitfalls, and Top Open-Source Solutions

In code security, not everything is "shift left." Dynamic testing is as important to help developers build and ship secure applications on the right-hand side of the SDLC. Let's explore the benefits, pitfalls, and popular open-source DAST tools in this blog post from the Escape team.

8.5% of Docker Images Expose API and Private Keys

8.5% of Docker Images Expose API and Private Keys

A new comprehensive study by researchers at RWTH Aachen University in Germany did a study on over 300,000 docker images finding that 8.5% contained API keys and private keys that malicious actors could exploit in the wild.

The Art of Protecting Secrets: Eight Essential Concepts for SecOps Practitioners

The Art of Protecting Secrets: Eight Essential Concepts for SecOps Practitioners

Secrets management is an art, and mastering it requires a deep understanding of security protocols, meticulous attention to detail, and a proactive approach to staying ahead of threats. In this blog, we present you with eight essential concepts to enhance your credential management strategy.

Lessons from Lapsus - CISO on Building a comprehensive secrets management program

Lessons from Lapsus - CISO on Building a comprehensive secrets management program

Following a breach by the Lapsus$ cyber gang, Jason Haddix, then CISO of UbiSoft called over 40 other CISOs to discuss strategies on how to be more resilient to attacks. Those conversations led him to create a 4 step guide to building a comprehensive secrets management program.

arrow-down