The New Frontier in Cybersecurity: Embracing Security as Code
Security as Code (SaC) is a term often used with DevSecOps, but what does it mean exactly? Learn best practices and key components for a more secure and efficient development process.
In code security, not everything is "shift left." Dynamic testing is just as important for helping developers build and ship secure applications on the right-hand side of the SDLC. Let's explore the benefits, pitfalls, and popular open-source DAST tools in this blog post from the Escape team.
Learn how to respond to a secret leak incident effectively. Follow our step-by-step guide to understand the impact, rotate secrets safely, and prevent future leaks.
A condensed recap of our hands-on runtime security webinar from September. Get the juiciest knowledge nuggets and pointers to more.
A new comprehensive study by researchers at RWTH Aachen University in Germany examined over 300,000 Docker images and found that 8.5% contained API keys and private keys that malicious actors could exploit in the wild.
GitGuardian Honeytokens are potent tools in the cybersecurity toolkit, notifying you of any unauthorized activities in code repos, Jira, Slack, Linear, and more.
It is important to secure environments with intelligent solutions. GitGuardian Honeytoken can help protect your IaC and Config Management tools.
Manual code reviews provide a lot of value but are slow, error-prone, and don't scale. Automated testing can take a lot of pressure off review teams.
Secrets management is an art, and mastering it requires a deep understanding of security protocols, meticulous attention to detail, and a proactive approach to staying ahead of threats. In this blog, we present you with eight essential concepts to enhance your credential management strategy.
Learn how your secrets management can affect your DevOps performance, measured by DORA metrics, as well as increase your risk as an organization.
Following a breach by the Lapsus$ cyber gang, Jason Haddix, then CISO of Ubisoft, called over 40 other CISOs to discuss strategies on how to be more resilient to attacks. Those conversations led him to create a 4-step guide to building a comprehensive secrets management program.
Is DevOps really dead? Learn about the rise of platform engineering and how it differs from DevOps in terms of self-service capabilities and automation. Discover how security fits into this new paradigm and the benefits of platform engineering for software development teams of various sizes.