Resources

White paper

5 Common AppSec Challenges in FinServ


Ebook

5 Critical Capabilities for Progressing Your DevSecOps Program


Ebook

Optimizing AppSec in the technology sector: Strategies & Challenges


Showing 13 - 24 of 295 resources

Article

Cloud security posture management explained

When many companies move to the cloud, they assume the cloud provider – whether it’s Amazon Web Services (AWS), Google Cloud, Microsoft Azure or any other – is completely responsible for cloud security.

Article

Product Security vs. Application Security: What’s the Difference?

Discover the differences between product and application security to build more secure products and applications.

Article

Understanding Cloud Security - Essential to Your Cybersecurity

Public cloud providers prioritize security since their business model requires maintaining public trust, yet the perimeters that bound traditional on-site IT infrastructure disappear in the cloud.

Article

Security Champions Overview

Security champions are developers with an interest in security and a home in development. They are the interface between two teams that have traditionally been siloed. Let’s take a look at some of the benefits any organization can gain from these programs.

Article

Risk-Based Vulnerability Management (RBVM): What is it & how to implement

Risk-based vulnerability management (RBVM) is a relatively new AppSec practice that empowers organizations to see their risk in context and prioritize the most critical fixes.

Article

SAST vs. DAST: what is the difference and how to combine the two?

Dynamic security testing (DAST) uses the opposite approach of SAST. Whereas SAST tools rely on white-box testing, DAST uses a black-box approach.

Article

How to Prepare for Tomorrow’s Zero-Day Vulnerabilities Today

Zero-day vulnerabilities are all too common in today’s applications. Learn how to identify and fix zero-day vulnerabilities proactively with a developer-first approach to security.

Article

Understanding SOC 2 Audits: Checklist & Process

A SOC 2 audit can give your organization a competitive advantage. But what does the audit entail? Here’s a 4-step SOC 2 audit checklist.

Article

Static Application Security Testing (SAST) Scanning

Learn more about the 7 stages of Static Application Security Testing (SAST) scanning, its pros and cons, and how it can help keep your source code secure.

Article

5 Key Learnings on How to Get Started in DevSecOps

During DevSecCon’s recent community call on How to Get Started in DevSecOps, security experts from the DevSecCon community shared actionable advice, practical steps, and insights for navigating this critical field. Here are the top five takeaways from this call.

Article

API Security Testing: How to test your API security

An API, or application programming interface, helps applications communicate with each other. Learn how to keep your APIs secure with API security testing.

Article

Top 10 Node.js Security Best Practices

Read about five major Node.js security risks and the top ten best practices you can implement to address them and stay secure while building applications.