DevSecOps

A collection of 71 posts

Secure Your Secrets with .env

Secure Your Secrets with .env

Using environment variables to store secrets instead of writing them directly into your code is one of the quickest and easiest ways to add a layer of protection to your projects.

Dynamic Application Security Testing: Benefits, Pitfalls, and Top Open-Source Solutions

Dynamic Application Security Testing: Benefits, Pitfalls, and Top Open-Source Solutions

In code security, not everything is "shift left." Dynamic testing is as important to help developers build and ship secure applications on the right-hand side of the SDLC. Let's explore the benefits, pitfalls, and popular open-source DAST tools in this blog post from the Escape team.

8.5% of Docker Images Expose API and Private Keys

8.5% of Docker Images Expose API and Private Keys

A new comprehensive study by researchers at RWTH Aachen University in Germany did a study on over 300,000 docker images finding that 8.5% contained API keys and private keys that malicious actors could exploit in the wild.

The Art of Protecting Secrets: Eight Essential Concepts for SecOps Practitioners

The Art of Protecting Secrets: Eight Essential Concepts for SecOps Practitioners

Secrets management is an art, and mastering it requires a deep understanding of security protocols, meticulous attention to detail, and a proactive approach to staying ahead of threats. In this blog, we present you with eight essential concepts to enhance your credential management strategy.

arrow-down