Vulnerability Management Lifecycle in DevSecOps

In this new series, CJ May shares his expertise in implementing secure-by-design software processes that empower engineering teams. The first stage of his DevSecOps program: vulnerability management ...

How To Respond To An AWS Key Honeytoken Trigger: A Detailed Guide

Learn how to effectively respond to an AWS key honeytoken trigger with this step-by-step guide. Investigate the incident, identify the leak source, secure your environment, and leverage OSINT techniques to protect your AWS infrastructure ...

A Guide to Cloud Security Posture Management (CSPM)

What is CSPM? Cloud Security Posture Management is about identifying and remediating security misconfigurations and risks in Infrastructure as a Service (IaaS) or Platform as a Service (PaaS) environments ...

[Webinar] Exposing Leaked Secrets Inside Android Apps! Cybernews & GitGuardian

How to Handle Mobile App Secrets

Learn why storing secrets in mobile apps is a major security risk, how to manage user and developer secrets properly, and why client-side secrecy is impossible. Find out the best practices for securing mobile app secrets and protecting your data ...

Revolutionizing SAST: Bridging the Gap for Modern Developers with Nipun Gupta

How SAST Tools Secure AI-generated Code

Category: Artificial Intelligence
As AI continues to reshape how code is written and managed, the emphasis on vigilant, security-conscious development practices becomes increasingly crucial. SAST stands as a critical tool in ensuring that the efficiencies gained through AI do not come at the cost of security and reliability ...

Securing The Software Delivery Pipeline With Honeytokens

Discover how honeytokens enhance security by detecting breaches in real-time across the software development lifecycle. Learn how to deploy these decoy credentials and traps effectively, bolstering defenses against cyber threats ...

Understanding Broken Object Level Authorization (BOLA) Vulnerability in API Security

Explore Broken Object Level Authorization (BOLA), its implications, how it can be exploited, and how to secure your applications against it ...

Pulumi VS Terraform: The Definitive Guide to Choosing Your IaC Tool

In this blog, we do a deep dive into Pulumi vs. Terraform (and briefly touch on the mechanism of AWS CDK/CDK for Terraform, for that matter) ...

Terraform Project for Managing Vault Secrets in a Kubernetes Cluster

Category: DevSecOps
This article uses Kubernetes Secrets as a native Kubernetes component for handling sensitive data at container runtime and Vault as a trusted storage and maintenance solution for sensitive data ...

Application Security Posture Management with GitGuardian and ArmorCode

Category: Product News
Managing GitGuardian Findings as Part of a Complete Risk-Based Software Security Program with ArmorCode ASPM ...