CloudSec Academy
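Welcome to CloudSec Academy, your guide to navigating the alphabet soup of cloud security acronyms and industry jargon. Clear, concise, and expertly crafted content covers everything from the fundamentals to best practices.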
Top 9 OSS API Security Tools
A guide on the 9 best OSS API security tools that protect sensitive data, infrastructure, and business logic from unauthorized access, data theft, and other attacks.
What is zero trust data security?
Zero trust data security extends traditional zero trust principles to data protection by requiring continuous verification.
What is code auditing? A complete security guide
Code auditing is the systematic examination of source code to identify security vulnerabilities, bugs, performance issues, and compliance violations.
What are GDPR security controls?
GDPR security controls are the mandatory technical and organizational safeguards you must implement to protect the personal data you process.
What are Snort rules? Examples and best practices
Snort rules are the detection logic that powers Snort, an open-source intrusion detection and prevention system.
The Top 11 Open-Source SBOM tools
This article will start with a quick refresher on SBOMs and then list the top SBOM-generation tools available.
CI/CD security tools
CI/CD security tools automate security checks in development pipelines to identify vulnerabilities and misconfigurations during code changes, ensuring continuous security.
Top 9 OSINT tools
Open-source intelligence (OSINT) is a framework that involves gathering, analyzing, and interpreting publicly available data to gain insights into cyber threats, adversarial activities, and attack techniques. OSINT identifies innocuous-seeming information that, if analyzed with an attacker’s mindset, could reveal critical loopholes in an enterprise’s security posture.
SecOps Explained
SecOps is the collaborative integration of IT security and operations teams to protect and manage an organization's digital assets more efficiently.
SAST vs DAST: How to Use Both Testing Tools for App Security
In this Academy article, we'll dig into SAST and DAST security testing methods, exploring how they work and their core aspects.
Using eBPF in Kubernetes: A security overview
eBPF provides deep visibility into network traffic and application performance while maintaining safety and efficiency by executing custom code in response to the kernel at runtime.
AI-BOM: Building an AI Bill of Materials
An AI bill of materials (AI-BOM) is a complete inventory of all the assets in your organization’s AI ecosystem. It documents datasets, models, software, hardware, and dependencies across the entire lifecycle of AI systems—from initial development to deployment and monitoring.
How to Create an Incident Response Policy: An Actionable Checklist and Template
Build a strong incident response policy to manage cybersecurity crises with clear roles, compliance steps, and hands-on training.
How to Make Your Incident Response Framework Actionable
An incident response framework is a blueprint that helps organizations deal with security incidents in a structured and efficient way. It outlines the steps to take before, during, and after an incident, and assigns roles and responsibilities to different team members.
AWS Security Best Practices: A 10-Step Health Check for Your Environment
Essential AWS security best practices for protecting your cloud environment, reducing risk, and simplifying compliance.
Serverless Security Explained
Serverless security is the extra layer of protection designed for applications built on a serverless architecture. In this type of cloud computing, you write the code (functions) but the cloud provider handles the servers. This creates a different security approach.
GitOps vs. DevOps: How GitOps Keeps You Aligned
While DevOps delineates collaboration and automation practices that emphasize infrastructure provisioning and continuous monitoring, GitOps extends its concepts by employing Git as the single source of truth for both application and infrastructure settings.