Wiz Defend ya está aquí: detección y respuesta ante amenazas para la nube

CloudSec Academy

Bienvenido a CloudSec Academy, tu guía para navegar por la sopa de alfabeto de los acrónimos de seguridad en la nube y la jerga de la industria. Cortar el ruido con contenido claro, conciso y elaborado por expertos que cubra los fundamentos de las mejores prácticas.

What is Application Security (AppSec)?

Application security refers to the practice of identifying, mitigating, and protecting applications from vulnerabilities and threats throughout their lifecycle, including design, development, deployment, and maintenance.

Securing Cloud IDEs

Cloud IDEs allow developers to work within a web browser, giving them access to real-time collaboration, seamless version control, and tight integration with other cloud-based apps such as code security or AI code generation assistants.

Secure SDLC

Secure SDLC (SSDLC) is a framework for enhancing software security by integrating security designs, tools, and processes across the entire development lifecycle.

What is interactive application security testing (IAST)?

Equipo de expertos de Wiz

IAST (Interactive Application Security Testing) is a security testing method that monitors applications in real-time during runtime to detect vulnerabilities by analyzing code behavior and data flow in live environments.

What is SecDevOps? + How It Differs From DevSecOps

SecDevOps is essentially DevOps with an emphasis on moving security further left. DevOps involves both the development team and the operations team in one process to improve deployment performance and service customers faster.

Source Code Leaks: Risks, Examples, and Prevention

Equipo de expertos de Wiz

In this blog post, we’ll explore security measures and continuous monitoring strategies to prevent these leaks, mitigating the risks posed by security vulnerabilities, human error, and attacks.

Secrets Detection: A Fast-Track Guide

Secrets detection is the process of identifying and managing sensitive information like API keys, passwords, and tokens within codebases to prevent unauthorized access and data breaches.

Top 14 OSS Application Security Tools by Use Case

The top 14 open-source application security tools—including SCA, secrets scanning, and application security testing tools—to help you streamline the critical process of securing your apps from threats and vulnerabilities.

Top 9 OSS API Security Tools

Equipo de expertos de Wiz

A guide on the 9 best OSS API security tools that protect sensitive data, infrastructure, and business logic from unauthorized access, data theft, and other attacks.

SAST vs. SCA: What's the Difference?

SAST (Static Application Security Testing) analyzes custom source code to identify potential security vulnerabilities, while SCA (Software Composition Analysis) focuses on assessing third-party and open source components for known vulnerabilities and license compliance.

What is Security as Code (SaC)?

Security as Code (SaC) is a methodology that integrates security measures directly into the software development process. It involves codifying security policies and decisions, and automating security checks, tests, and gates within the DevOps pipeline.

What is Policy as Code? 

Policy as code (PaC) is the use of code to define, automate, enforce, and manage the policies that govern the operation of cloud-native environments and their resources.

GitOps vs. DevOps

While DevOps delineates collaboration and automation practices that emphasize infrastructure provisioning and continuous monitoring, GitOps extends its concepts by employing Git as the single source of truth for both application and infrastructure settings.

What is Security by Design?

Equipo de expertos de Wiz

Security by design is a software development approach that aims to establish security as a pillar, not an afterthought, i.e., integrating security controls into software products right from the design phase.

Guide to Standard SBOM Formats

Equipo de expertos de Wiz

Two major formats dominate the SBOM ecosystem: Software Package Data Exchange (SPDX) and CycloneDX (CDX). Let’s review!

Seguridad del código (Code Security)

La seguridad del código, también conocida como codificación segura, se refiere a las prácticas, metodologías y herramientas diseñadas para garantizar que el código escrito para aplicaciones y sistemas esté a salvo de vulnerabilidades y amenazas.

What is DevSecOps?

DevSecOps, which stands for Development, Security, and Operations, is a software development practice that emphasizes integrating security considerations throughout the entire development lifecycle, from initial design to deployment and ongoing maintenance.

DevSecOps Best Practices Checklist

Equipo de expertos de Wiz

In this article, we’ll look at the emergence of DevSecOps and then discuss actionable best practices for integrating DevSecOps into your workflows.

Software Supply Chain Security Best Practices

Equipo de expertos de Wiz

In this blog post, we’ll take a deep dive into software supply chains and discuss effective strategies for reducing security risks.

The Open-Source Code Security Tool Roundup

Equipo de expertos de Wiz

This article will give you a refresher on code security and review the most popular open-source code security tools available.

Malicious Code Explained

Equipo de expertos de Wiz

Malicious code is any software or programming script that exploits software or network vulnerabilities and compromises data integrity.

CI/CD Pipeline Security Best Practices

Continuous integration and continuous delivery (CI/CD) have become the backbone of modern software development, enabling rapid, reliable, and consistent delivery of software products. To bolster your CI/CD pipeline, ensuring resilience against ever-evolving threats, follow the best practices in this guide.