Docker Image Security: Static Analysis Tool Comparison – Anchore Engine vs Clair vs Trivy
In the Software Development Lifecycle (SDLC) and the DevSecOps world, there are different stages of security analysis. One of them
Read more
How to use Multifactor Authentication (MFA) in AWS from the command line
Nowadays, relying on password-only authentication for AWS accounts managing production-related workload is extremely dangerours. Multi-factor authentication (MFA) is a must
Read more
How I successfully passed the AWS Certified Security Specialty exam?
Last December (2019) I had the chance to successfully pass the AWS Certified Security Specialty exam. It took me between 2 and
Read more
What does “Shifting Security Left” mean?
Today, up to 90% of security breaches are caused by software vulnerabilities, additionally penetration testing activities commonly occur near the last
Read more
How to align your AWS Strategy with the NIST Cybersecurity Framework
The NIST Cybersecurity Framework (CSF) is a non-profit endeavor based on best practices and using existing standards, originally intended for
Read more
How to Successfully Onboard DevSecOps into your Business
Security requirements are foundational for every business project and should be prioritized with the same importance than Software Development (Dev)
Read more
Starting a solid Application Security Program
Establishing a robust Application Security Program is not something that occurs overnight. It is a process that inevitably requires incorporating
Read more
Application Container Security – Being Compliant from the Beginning
In order to manage application infrastructure administrators rely on containers and tools that empower the DevOps team to package, deliver,
Read more
Getting Started with OpenSCAP
The Security Content Automation Protocol, generally recognized as SCAP, enables automated vulnerability management, measurement and policy compliance evaluation of systems based on
Read more
What is Interactive Application Security Testing (IAST) and Runtime Application Self-Protection (RASP)?
Interactive Application Security Testing, also known as IAST, utilizes runtime testing techniques to help organizations identify and manage security risks. It
Read more