CloudSec Academy

Welcome to CloudSec Academy, your guide to navigating the alphabet soup of cloud security acronyms and industry jargon. Cut through the noise with clear, concise, and expertly crafted content covering fundamentals to best practices.

Top 9 OSS API Security Tools

Wiz Experts Team

A guide on the 9 best OSS API security tools that protect sensitive data, infrastructure, and business logic from unauthorized access, data theft, and other attacks.

SAST vs. SCA: What's the Difference?

SAST (Static Application Security Testing) analyzes custom source code to identify potential security vulnerabilities, while SCA (Software Composition Analysis) focuses on assessing third-party and open source components for known vulnerabilities and license compliance.

What is Security as Code (SaC)?

Security as Code (SaC) is a methodology that integrates security measures directly into the software development process. It involves codifying security policies and decisions, and automating security checks, tests, and gates within the DevOps pipeline.

What is Policy as Code? 

Policy as code (PaC) is the use of code to define, automate, enforce, and manage the policies that govern the operation of cloud-native environments and their resources.

GitOps vs. DevOps

While DevOps delineates collaboration and automation practices that emphasize infrastructure provisioning and continuous monitoring, GitOps extends its concepts by employing Git as the single source of truth for both application and infrastructure settings.

What is Security by Design?

Wiz Experts Team

Security by design is a software development approach that aims to establish security as a pillar, not an afterthought, i.e., integrating security controls into software products right from the design phase.

Guide to Standard SBOM Formats

Wiz Experts Team

Two major formats dominate the SBOM ecosystem: Software Package Data Exchange (SPDX) and CycloneDX (CDX). Let’s review!

Code Security

Code security, also known as secure coding, refers to the practices, methodologies, and tools designed to ensure that the code written for applications and systems is secure from vulnerabilities and threats.

SBOM Security

A Software Bill of Material (SBOM) is a comprehensive inventory that details every software component that makes up an application.

What is DevSecOps?

DevSecOps, which stands for Development, Security, and Operations, is a software development practice that emphasizes integrating security considerations throughout the entire development lifecycle, from initial design to deployment and ongoing maintenance.

DevSecOps Best Practices Checklist

Wiz Experts Team

In this article, we’ll look at the emergence of DevSecOps and then discuss actionable best practices for integrating DevSecOps into your workflows.

Secure Coding Explained

Secure coding is the practice of developing software that is resistant to security vulnerabilities by applying security best practices, techniques, and tools early in development.

Software Composition Analysis (SCA)

Wiz Experts Team

Software composition analysis (SCA) tools index your software dependencies to give you visibility into the packages you're using and any vulnerabilities they contain.

Malicious Code Explained

Wiz Experts Team

Malicious code is any software or programming script that exploits software or network vulnerabilities and compromises data integrity.

Secure SDLC

Secure SDLC (SSDLC) is a framework for enhancing software security by integrating security designs, tools, and processes across the entire development lifecycle.

CI/CD Pipeline Security Best Practices

Continuous integration and continuous delivery (CI/CD) have become the backbone of modern software development, enabling rapid, reliable, and consistent delivery of software products. To bolster your CI/CD pipeline, ensuring resilience against ever-evolving threats, follow the best practices in this guide.

IaC Security Explained

Infrastructure as Code (IaC) security is the practice of securing cloud infrastructure by embedding security controls into IaC templates and scripts.

What is API security?

API security encompasses the strategies, procedures, and solutions employed to defend APIs against threats, vulnerabilities, and unauthorized intrusion.