CloudSec Academy

This FAQ is designed to help teams evaluate whether Wiz is the right cloud security solution for them by answering the most common technical, strategic, and logistical questions.

Nicolas Ehrman

dicembre 12, 2025

Container monitoring is the process of collecting, analyzing, and reporting metrics and data related to the performance and health of containerized applications and their hosting environments.

Attack surface discovery (ASD) is the continuous, automated process of identifying and mapping every asset, connection, and service an attacker could target across your entire digital footprint (cloud, hybrid, and on-premises environments).

Runtime scanning answers a critical question: 'What is runtime security for containers?' It focuses on detecting live behaviors, active threats, and anomalies that only appear when containers execute under real production traffic.

Source code scanning is automated analysis of your code, dependencies, and infrastructure definitions to find security issues before you deploy. This means a tool reads your code the way a careful reviewer would, but at high speed and at scale.

CI/CD security scanning is the practice of adding automated security checks into your build and deployment pipelines. This means every meaningful code change is tested for risk before it can reach production.

External vulnerability scanning is a way to find weaknesses in your public-facing systems by testing them from outside your network. This means you see your environment the same way an attacker on the internet would see it.

This blog post will explain strategies for attack surface management (ASM) that integrate both attack surface reduction and attack vector defense into one continuous process, helping you meet the requirements of leading security frameworks like Gartner’s Continuous Threat Exposure Management (CTEM) framework.

Nicolas Ehrman

dicembre 12, 2025

La sicurezza IAM (Identity and Access Management) è un insieme di policy e tecnologie che aiutano le organizzazioni a controllare quali identità possono avere autorizzazioni di accesso a risorse, dati, sistemi e applicazioni.

Shaked Rotlevi

dicembre 12, 2025

Gli attacchi di prompt injection sono una minaccia alla sicurezza dell'intelligenza artificiale in cui un utente malintenzionato manipola il prompt di input nei sistemi di elaborazione del linguaggio naturale (NLP) per influenzare l'output del sistema.

Shaked Rotlevi

dicembre 10, 2025

Cross-site request forgery (CSRF), also known as XSRF or session riding, is an attack approach where threat actors trick trusted users of an application into performing unintended actions.

.

.

.

.

8 strumenti open source di gestione delle vulnerabilità e le loro funzionalità, classificati per caso d'uso

Continuous vulnerability scanning is an automated process that checks systems, networks, and applications for security weaknesses to detect new issues promptly.

This post will explore the top 10 code security platforms to see just how well they secure modern cloud-native applications.

A vulnerability scanning report is a document from a vulnerability scanner that lists discovered weaknesses, shows how severe they are, and explains how to fix them.