The Secure Software Development Framework (SSDF)
NIST’s Secure Software Development Framework (SSDF) is a structured approach that provides guidelines and best practices for integrating security throughout the software development life cycle (SDLC).
Bienvenido a CloudSec Academy, tu guía para navegar por la sopa de alfabeto de los acrónimos de seguridad en la nube y la jerga de la industria. Cortar el ruido con contenido claro, conciso y elaborado por expertos que cubra los fundamentos de las mejores prácticas.
NIST’s Secure Software Development Framework (SSDF) is a structured approach that provides guidelines and best practices for integrating security throughout the software development life cycle (SDLC).
SAST (Static Application Security Testing) analyzes custom source code to identify potential security vulnerabilities, while SCA (Software Composition Analysis) focuses on assessing third-party and open source components for known vulnerabilities and license compliance.
In this article, we’ll explore the step-by-step process of code scanning, its benefits, approaches, and best practices.
A Kubernetes cluster consists of a group of node machines designed to run applications within containers.
Open-source security is the collection of tools and processes used to secure and manage the lifecycle of open-source software (OSS) and dependencies from development to production.
Security as Code (SaC) is a methodology that integrates security measures directly into the software development process. It involves codifying security policies and decisions, and automating security checks, tests, and gates within the DevOps pipeline.
Helm Charts streamline the deployment of applications by providing a packaging format that includes all necessary Kubernetes resources.
A container engine is a software tool that automates the process of running applications in isolated, lightweight environments called containers.
eBPF provides deep visibility into network traffic and application performance while maintaining safety and efficiency by executing custom code in response to the kernel at runtime.
Policy as code (PaC) is the use of code to define, automate, enforce, and manage the policies that govern the operation of cloud-native environments and their resources.
While DevOps delineates collaboration and automation practices that emphasize infrastructure provisioning and continuous monitoring, GitOps extends its concepts by employing Git as the single source of truth for both application and infrastructure settings.
Kubernetes namespaces divide a given cluster into virtual clusters, helping to separate and manage resources while still keeping them within the same physical cluster. By segregating workloads and applying policies per namespace, you can create boundaries that keep your multi-tenant environments safe and organized.
Understanding the nuances of Linux containers is crucial for building robust, secure applications. This blog post provides insights into the practical implementation of containers, focusing on both their strengths and potential pitfalls.
Security by design is a software development approach that aims to establish security as a pillar, not an afterthought, i.e., integrating security controls into software products right from the design phase.
Two major formats dominate the SBOM ecosystem: Software Package Data Exchange (SPDX) and CycloneDX (CDX). Let’s review!
Kubernetes runtime security refers to the measures and practices implemented to protect Kubernetes clusters and the applications running within them during their operational phase.
In Kubernetes, a security context defines privilege and access control settings for a Pod or Container. It allows you to specify security configurations such as user and group IDs, filesystem permissions, and capabilities.
Container monitoring is the process of collecting, analyzing, and reporting metrics and data related to the performance and health of containerized applications and their hosting environments.
Kubernetes role-based access control (RBAC) serves as a foundational security layer within Kubernetes. It is essential for regulating access to the K8s API and its resources, allowing organizations to define user roles with specific permissions to effectively control who can see or interact with what resources within a cluster.
La seguridad del código, también conocida como codificación segura, se refiere a las prácticas, metodologías y herramientas diseñadas para garantizar que el código escrito para aplicaciones y sistemas esté a salvo de vulnerabilidades y amenazas.
Common security risks associated with Terraform and the 6 essential best practices for terraform security.
Container orchestration involves organizing groups of containers that make up an application, managing their deployment, scaling, networking, and their availability to ensure they're running optimally.
The primary function of admission controllers is the enforcement of custom policies on incoming requests, ensuring that only valid and compliant API requests are executed.
Containerization encapsulates an application and its dependencies into a container image, facilitating consistent execution across any host operating system supporting a container engine.
Kubernetes as a service (KaaS) is a model in which hyperscalers like AWS, GCP, and Azure allow you to quickly and easily start a Kubernetes cluster and begin deploying workloads on it instantly.
Containers as a service (CaaS) is a cloud service model that allows users to manage, upload, scale, run, and terminate containers using a service provider's API or web portal.
20 essential security best practices every DevOps team should start with
Take a deep dive into the world of container images and learn their essential role in cloud security.
Kubernetes vulnerability scanning is the systematic process of inspecting a Kubernetes cluster (including its container images and configurations) to detect security misconfigurations or vulnerabilities that could compromise the security posture of the cluster.
Container architecture is a way to package and deploy applications as standardized units called containers.
9 essential best practices to securing your Kubernetes workloads
A container registry is a service that stores, manages, and distributes application images. Its architecture is designed to ensure availability by providing a centralized resource for container image discovery, distribution, and deployment.
In this guide, we'll look at a variety of Docker alternatives that provide different benefits for your workloads—such as daemonless operation, a simplified management experience, improved container security, and enhanced scalability and orchestration for production environments.
DevSecOps, which stands for Development, Security, and Operations, is a software development practice that emphasizes integrating security considerations throughout the entire development lifecycle, from initial design to deployment and ongoing maintenance.
This blog post explores the world of container orchestration tools beyond Kubernetes, highlighting cloud provider tools and open-source alternatives that promise to redefine how we deploy and manage applications.
A container runtime is the foundational software that allows containers to operate within a host system.
Secure coding is the practice of developing software that is resistant to security vulnerabilities by applying security best practices, techniques, and tools early in development.
Kubernetes Security Posture Management (KSPM) is the practice of monitoring, assessing, and ensuring the security and compliance of Kubernetes environments.
In this blog post, we’ll take a deep dive into software supply chains and discuss effective strategies for reducing security risks.
This article will give you a refresher on code security and review the most popular open-source code security tools available.
This article will start with a quick refresher on SBOMs and then list the top SBOM-generation tools available.
Container security scanning is a process that systematically analyzes container images for vulnerabilities and security issues, allowing developers to address potential threats before they escalate into breaches.
Looking to make the most of containerization while minimizing risk? Container scanning solutions are a critical line of defense that help ensure the safe and secure deployment of applications.
Infrastructure as code (IaC) scanning is the process of analyzing the scripts that automatically provision and configure infrastructure.
Secure SDLC (SSDLC) is a framework for enhancing software security by integrating security designs, tools, and processes across the entire development lifecycle.
AI is the engine behind modern development processes, workload automation, and big data analytics. AI security is a key component of enterprise cybersecurity that focuses on defending AI infrastructure from cyberattacks.
Software supply chain security describes the set of processes that ensure the integrity, authenticity, and security of software components throughout their lifecycle.
Continuous integration and continuous delivery (CI/CD) have become the backbone of modern software development, enabling rapid, reliable, and consistent delivery of software products. To bolster your CI/CD pipeline, ensuring resilience against ever-evolving threats, follow the best practices in this guide.
Infrastructure as Code (IaC) security is the practice of securing cloud infrastructure by embedding security controls into IaC templates and scripts.
It’s a good idea to consider a range of Kubernetes security tools. Open source solutions can greatly improve the security of your Kubernetes clusters, so this section explores the top 11 open-source Kubernetes security tools that can help to safeguard your Kubernetes environment.
10 essential AWS security best practices every organization should start with
11 native tools for IAM, data protection, network and application protection, compliance management, and threat detection
The best Infrastructure as Code (IaC) tools, curated by use case and categorized into CSP-specific and CSP-neutral providers.