CloudSec Academy

Ziad Ghalleb

March 14, 2025

Static code analysis identifies security vulnerabilities and coding issues without executing the code, improving software quality and security.

Nicolas Ehrman

March 13, 2025

Understanding the nuances of Linux containers is crucial for building robust, secure applications. This blog post provides insights into the practical implementation of containers, focusing on both their strengths and potential pitfalls.

Shaked Rotlevi

March 13, 2025

13 essential best practices for every organization + the common tools and services that can support them

Remote code execution refers to a security vulnerability through which malicious actors can remotely run code on your systems or servers.

Nicolas Ehrman

March 12, 2025

At their core, containers encapsulate the application code and runtime, system tools, dependencies, and settings that enable it to operate in the same way across multiple environments.

Shaked Rotlevi

March 12, 2025

AWS security groups (SGs) are virtual firewalls for your EC2 instances that control both inbound and outbound traffic.

To help you make an informed decision, we've crafted a comprehensive comparison of AWS and Azure security, empowering you to select the cloud provider that seamlessly integrates with your unique needs.

11 native tools for IAM, data protection, network and application protection, compliance management, and threat detection

Lauren Place

March 8, 2025

Code review is a software development practice where code is systematically examined to ensure it meets specific goals, including quality and security standards.

Lauren Place

March 7, 2025

Identity threat detection and response (ITDR) is a cybersecurity approach that uses a combination of tools, intelligence, and automation to proactively detect, investigate, and respond to threats targeting digital identities and authentication systems in the cloud.

Generative AI (GenAI) security is an area of enterprise cybersecurity that zeroes in on the risks and threats posed by GenAI applications. To reduce your GenAI attack surface, you need a mix of technical controls, policies, teams, and AI security tools.

Nicolas Ehrman

March 6, 2025

Our goal with this article is to share the best practices for running complex AI tasks on Kubernetes. We'll talk about scaling, scheduling, security, resource management, and other elements that matter to seasoned platform engineers and folks just stepping into machine learning in Kubernetes.

Cloud configuration management is the process of defining, enforcing, and maintaining consistent cloud resource configurations across environments. This includes automating deployment, monitoring compliance, preventing misconfigurations, and ensuring security, cost efficiency, and operational reliability.

FISMA compliance is the set of processes, controls, and protocols an organization must have in place to ensure its information assets satisfy the requirements of the Federal Information Security Management Act (FISMA).

The NIST Cybersecurity Framework (CSF) is a risk-based framework designed to help organizations manage and reduce cybersecurity risks. It provides a structured approach to identifying, protecting, detecting, responding to, and recovering from cyber threats.

Ziad Ghalleb

March 1, 2025

Application security controls are technology-independent collections of policies, procedures, and standards to secure software, devices, users, network, and data.

Ziad Ghalleb

March 1, 2025

Application security testing (AST) is a set of processes designed to detect and address security gaps during the early phases of the software development lifecycle (SDLC). In other words, teams take steps in pre-production to identify and mitigate risks before applications are released into operational environments.

Chris Champa

February 26, 2025

SecOps metrics are trackable bits of data that quantify various aspects of your security operations center (SOC), such as performance or efficiency.

Chris Champa

February 25, 2025

Explore the top best practices for an effective security operations center (SOC).

The AI Bill of Rights is a framework for developing and using artificial intelligence (AI) technologies in a way that puts people's basic civil rights first.

This article is your cheat sheet for understanding the ISO 27001 controls, implementing them to tackle security risks, and getting ISO 27001 certified—without any hassles.

Application security frameworks are essential guidelines, best practices, and tools designed to help organizations stay consistent in their security practices, meet compliance requirements, and effectively manage risks associated with application security.

Social engineering is an attack technique that focuses on exploiting an enterprise’s employees. In a typical social engineering scenario, cybercriminals may trick or deceive employees into ignoring security protocols, making them unwitting collaborators in cyberattacks.

Chris Champa

February 15, 2025

In this post, we’ll look at where anomaly detection fits into your cybersecurity big picture, some common techniques and use cases, as well as some tips on rolling out anomaly detection without adding to your teams’ workload.