CloudSec Academy

Nicolas Ehrman

December 23, 2024

API security encompasses the strategies, procedures, and solutions employed to defend APIs against threats, vulnerabilities, and unauthorized intrusion.

Ziad Ghalleb

December 6, 2024

Code vulnerabilities are weaknesses in software that attackers can exploit, potentially compromising security.

Lauren Place

November 27, 2024

This article outlines guidelines and best practices for weaving security into every part of your development and DevOps workflows, focusing on practical techniques that are easy to adopt.

Ziad Ghalleb

November 27, 2024

Application security refers to the practice of identifying, mitigating, and protecting applications from vulnerabilities and threats throughout their lifecycle, including design, development, deployment, and maintenance.

Ziad Ghalleb

November 26, 2024

Strengthen applications with secure coding to fix injection flaws, enforce access controls, and follow OWASP best practices.

Swaroop Sham

November 26, 2024

Explore how IaC security protects cloud environments by embedding protection into code templates to catch vulnerabilities early.

Improve development workflows with shift left security by embedding testing early to catch vulnerabilities and speed delivery.

Swaroop Sham

November 26, 2024

Learn how a Software Bill of Materials (SBOM) strengthens security by tracking components, identifying vulnerabilities, and ensuring compliance.

Lauren Place

November 22, 2024

Cloud IDEs allow developers to work within a web browser, giving them access to real-time collaboration, seamless version control, and tight integration with other cloud-based apps such as code security or AI code generation assistants.

Ziad Ghalleb

November 15, 2024

Application detection and response (ADR) is an approach to application security that centers on identifying and mitigating threats at the application layer.

Swaroop Sham

November 8, 2024

Secure SDLC (SSDLC) is a framework for enhancing software security by integrating security designs, tools, and processes across the entire development lifecycle.

Lauren Place

November 8, 2024

DAST, or dynamic application security testing, is a testing approach that involves testing an application for different runtime vulnerabilities that come up only when the application is fully functional.

IAST (Interactive Application Security Testing) is a security testing method that monitors applications in real-time during runtime to detect vulnerabilities by analyzing code behavior and data flow in live environments.

Open-source software (OSS) software composition analysis (SCA) tools are specialized solutions designed to analyze an application's open-source components and dependencies.

Ziad Ghalleb

October 31, 2024

Source code security refers to the practice of protecting and securing the source code of an application from vulnerabilities, threats, and unauthorized access.

Swaroop Sham

October 30, 2024

Infrastructure as code (IaC) scanning is the process of analyzing the scripts that automatically provision and configure infrastructure.

Ziad Ghalleb

October 28, 2024

SecDevOps is essentially DevOps with an emphasis on moving security further left. DevOps involves both the development team and the operations team in one process to improve deployment performance and service customers faster.

In this blog post, we’ll explore security measures and continuous monitoring strategies to prevent these leaks, mitigating the risks posed by security vulnerabilities, human error, and attacks.

Ziad Ghalleb

October 4, 2024

Secrets detection is the process of identifying and managing sensitive information like API keys, passwords, and tokens within codebases to prevent unauthorized access and data breaches.

Vulnerability scanning is the process of detecting and evaluating security flaws in IT systems, networks, and software.

Ziad Ghalleb

September 20, 2024

The top 14 open-source application security tools—including SCA, secrets scanning, and application security testing tools—to help you streamline the critical process of securing your apps from threats and vulnerabilities.

A guide on the 9 best OSS API security tools that protect sensitive data, infrastructure, and business logic from unauthorized access, data theft, and other attacks.

Swaroop Sham

September 18, 2024

Software supply chain security describes the set of processes that ensure the integrity, authenticity, and security of software components throughout their lifecycle.

Swaroop Sham

September 16, 2024

Cloud app security involves ensuring that both cloud-native and cloud-based apps are protected from vulnerabilities through the use of proper tools and practices.

Ziad Ghalleb

September 13, 2024

NIST’s Secure Software Development Framework (SSDF) is a structured approach that provides guidelines and best practices for integrating security throughout the software development life cycle (SDLC).

Ziad Ghalleb

September 12, 2024

Application security posture management entails continuously assessing applications for threats, risks, and vulnerabilities throughout the software development lifecycle (SDLC). 

Ziad Ghalleb

September 9, 2024

SAST (Static Application Security Testing) analyzes custom source code to identify potential security vulnerabilities, while SCA (Software Composition Analysis) focuses on assessing third-party and open source components for known vulnerabilities and license compliance.

Ziad Ghalleb

September 7, 2024

Static Application Security Testing (SAST) is a method of identifying security vulnerabilities in an application's source code, bytecode, or binary code before the software is deployed or executed. 

Ziad Ghalleb

September 7, 2024

In this Academy article, we'll dig into SAST and DAST security testing methods, exploring how they work and their core aspects

Ziad Ghalleb

September 7, 2024

In this article, we’ll explore the step-by-step process of code scanning, its benefits, approaches, and best practices.

Ziad Ghalleb

August 11, 2024

Open-source security is the collection of tools and processes used to secure and manage the lifecycle of open-source software (OSS) and dependencies from development to production.

Ziad Ghalleb

August 9, 2024

Security as Code (SaC) is a methodology that integrates security measures directly into the software development process. It involves codifying security policies and decisions, and automating security checks, tests, and gates within the DevOps pipeline.

The OWASP DevSecOps Maturity Model (DSOMM) is a framework for assessing and improving DevSecOps practices.

Ziad Ghalleb

July 9, 2024

Policy as code (PaC) is the use of code to define, automate, enforce, and manage the policies that govern the operation of cloud-native environments and their resources.

Ziad Ghalleb

July 2, 2024

While DevOps delineates collaboration and automation practices that emphasize infrastructure provisioning and continuous monitoring, GitOps extends its concepts by employing Git as the single source of truth for both application and infrastructure settings.

Swaroop Sham

June 23, 2024

Secret scanning is the practice of running automated scans on code repositories, execution pipelines, configuration files, commits, and other data sources to prevent potential security threats posed by exposed secrets.

Security by design is a software development approach that aims to establish security as a pillar, not an afterthought, i.e., integrating security controls into software products right from the design phase.

Two major formats dominate the SBOM ecosystem: Software Package Data Exchange (SPDX) and CycloneDX (CDX). Let’s review!

Swaroop Sham

May 2, 2024

Code security, also known as secure coding, refers to the practices, methodologies, and tools designed to ensure that the code written for applications and systems is secure from vulnerabilities and threats.

Nicolas Ehrman

March 18, 2024

20 essential security best practices every DevOps team should start with

Swaroop Sham

February 26, 2024

DevSecOps, which stands for Development, Security, and Operations, is a software development practice that emphasizes integrating security considerations throughout the entire development lifecycle, from initial design to deployment and ongoing maintenance.

In this article, we’ll look at the emergence of DevSecOps and then discuss actionable best practices for integrating DevSecOps into your workflows.

Read on for a roundup of top open-source tools that are game-changers when it comes to securing your development and operations pipeline.

Software composition analysis (SCA) tools index your software dependencies to give you visibility into the packages you're using and any vulnerabilities they contain.

In this blog post, we’ll take a deep dive into software supply chains and discuss effective strategies for reducing security risks.

This article will give you a refresher on code security and review the most popular open-source code security tools available.

Swaroop Sham

December 15, 2023

This article will start with a quick refresher on SBOMs and then list the top SBOM-generation tools available.

Malicious code is any software or programming script that exploits software or network vulnerabilities and compromises data integrity.

Nicolas Ehrman

October 31, 2023

Continuous integration and continuous delivery (CI/CD) have become the backbone of modern software development, enabling rapid, reliable, and consistent delivery of software products. To bolster your CI/CD pipeline, ensuring resilience against ever-evolving threats, follow the best practices in this guide.

Nicolas Ehrman

October 27, 2023

11 essential API security best practices that every organization should start with

Swaroop Sham

August 4, 2023

The best Infrastructure as Code (IaC) tools, curated by use case and categorized into CSP-specific and CSP-neutral providers.