CloudSec Academy

Ziad Ghalleb

10月 17, 2025

静的アプリケーションセキュリティテスト(SAST)は、ソフトウェアがデプロイまたは実行される前に、アプリケーションのソースコード、バイトコード、またはバイナリコードのセキュリティの脆弱性を特定する方法です。 

Cloud ransomware is malware that targets data in cloud environments by exploiting features and APIs to encrypt, exfiltrate or destroy data.

DevOps is a way of working that breaks down walls between development and operations teams. This means developers and IT operations work together instead of in separate silos, which helps companies build and release software faster.

Threat hunting frameworks provide structured, repeatable methodologies for proactively searching for hidden threats that have bypassed traditional security defenses in cloud environments.

The threat intelligence lifecycle is a continuous, six-phase process that transforms raw data about potential cyber threats into refined, actionable intelligence

Threat hunting actively searches for hidden threats already inside your network, while threat intelligence gathers external information about potential threats to inform security strategy.

Secrets management is the practice of securely storing, controlling access to, and managing digital credentials like passwords, API keys, and certificates.

Shaked Rotlevi

10月 17, 2025

このガイドでは、AIガバナンスが組織にとって非常に重要になった理由を解説し、この分野を形作る主要な原則と規制に焦点を当て、独自のガバナンスフレームワークを構築するための実行可能な手順を提供します。

Greg Zemlin

10月 16, 2025

Get the top 10 threat intelligence tools for 2025—key features and limitations. This master list covers the best TI feeds and tools for your environment.

Shaked Rotlevi

10月 16, 2025

AI compliance standards are changing fast, yet 85% of organizations still use AI tools. Get best practices and frameworks to protect your cloud environment.

Learn the key stages of a modern vulnerability management lifecycle and find out how a unified approach to visibility can improve multi-cloud security.

Discover the top open-source security tools for cloud security. This guide covers the pros and cons and explains how a scanner fits into your security stack.

Generative AI (GenAI) security is an area of enterprise cybersecurity that zeroes in on the risks and threats posed by GenAI applications. To reduce your GenAI attack surface, you need a mix of technical controls, policies, teams, and AI security tools.

In this article, we’ll take a closer look at how you can leverage SAST for code security. We’ll also explore key features of open-source SAST tools, such as language support, integration capabilities, and reporting functionalities.

LLM models, like GPT and other foundation models, come with significant risks if not properly secured. From prompt injection attacks to training data poisoning, the potential vulnerabilities are manifold and far-reaching.

Shaked Rotlevi

10月 12, 2025

クラウド セキュリティ ポスチャ管理 (CSPM) は、クラウド環境とサービス (パブリック読み取りアクセスのある S3 バケットなど) のリスクを継続的に検出して修復するプロセスを表します。CSPM ツールは、業界のベスト プラクティス、規制要件、セキュリティ ポリシーに照らしてクラウド構成を自動的に評価し、クラウド環境が安全で適切に管理されていることを確認します。

Greg Zemlin

10月 11, 2025

Attack path analysis (APA) is a cybersecurity technique that identifies and maps how potential attackers could infiltrate your network and systems

Greg Zemlin

10月 11, 2025

A threat intel feed, or threat intelligence feed, provides a continuous incoming flow of data related to cyber threats and risks.

Nodes are the physical or virtual machines that provide computing resources in a Kubernetes cluster, while pods are the smallest deployable units that contain one or more containers