January 2024

Securing the Gateway - Mastering API Security in the Modern Web Landscape

Jan 31, 2024 By GitGuardian In GitGuardian

APIs are the backbone of modern web applications, yet we rarely assess security beyond the traditional WAFs and Gateways. In fact, in a recent scan of over 1.5k GraphQL endpoints revealed a staggering 46,000+ security issues and sensitive data leaks—all accessible without authentication, with 10% classified as critical. Due to API’s being widely used by developers, they have now become a favored attack vector for threat actors.

View Video

GitGuardian

Read more about Securing the Gateway - Mastering API Security in the Modern Web Landscape

GitGuardian Honeytoken For Peace Of Mind

Jan 31, 2024 By GitGuardian In GitGuardian

GitGuardian Honeytokens can help you stay safe as you tackle secrets sprawl at scale. Deploying GitGuardian honeytokens into all of your repositories will give you an immediate warning system, letting you know when someone scans your repos or if they they get leaked onto the public internet. Dealing with a large number of incidents is already challenging enough, Use GitGuardian honeytokens to buy some peace of mind while you work to eliminate secrets sprawl.

View Video

GitGuardian

Read more about GitGuardian Honeytoken For Peace Of Mind

Evaluating Secrets Detection Platforms Is Complex: GitGuardian is here to help you navigate the process

Jan 30, 2024 By Dwayne McDaniel In GitGuardian

Discover GitGuardian's efficient POC-based approach to evaluating a secrets detection and remediation platform, simplifying the complex buying process for enterprises.

Read Post

GitGuardian

Read more about Evaluating Secrets Detection Platforms Is Complex: GitGuardian is here to help you navigate the process

Terraform Project for Managing Vault Secrets in a Kubernetes Cluster

Jan 29, 2024 By Guest Expert In GitGuardian

This article uses Kubernetes Secrets as a native Kubernetes component for handling sensitive data at container runtime and Vault as a trusted storage and maintenance solution for sensitive data.

Read Post

GitGuardian

Read more about Terraform Project for Managing Vault Secrets in a Kubernetes Cluster

What is SCA (Software Composition Analysis) software?

Jan 26, 2024 By GitGuardian In GitGuardian

SCA or Software Composition Analysis is an important security tool that helps you understand how your application is made up. Our software is built from open-source components and these components can have vulnerabilities or simply be malicious. SCA scans our applications to identify these components and lets us know if there are vulnerabilities or issues within it. In this short video we explain what SCA tools are and how they work as well as there role in application and cyber security.

View Video

GitGuardian

Read more about What is SCA (Software Composition Analysis) software?

Five Ways Your CI/CD Pipeline Can Be Exploited

Jan 24, 2024 By Greg Bulmash In GitGuardian

CI/CD pipelines can be exploited in a number of ways and we're going to share a few with you.

Read Post

GitGuardian

Read more about Five Ways Your CI/CD Pipeline Can Be Exploited

Store API keys and other secrets securely in python using env variables

Jan 23, 2024 By GitGuardian In GitGuardian

In this Tech Tip Tuesday video we share how to securely store secrets like API keys or other credentials environment variables. To do this we use the python dotenv project to store secrets in a.env file and load them into local memory. Subscribe for more tech tips, on Tuesdays and other days.

View Video

GitGuardian

Read more about Store API keys and other secrets securely in python using env variables

Risks of source code leakage

Jan 22, 2024 By GitGuardian In GitGuardian

Attackers are always after your source code! Source code is very leaky and often contains sensitive information like secrets (APi keys or credentials).

View Video

GitGuardian

Read more about Risks of source code leakage

Has My Secret Leaked? [Security Zines]

Jan 19, 2024 By Thomas Segura In GitGuardian

A new comic strip to better grasp the simple but effective way HasMySecretLeaked checks your secrets without asking you to reveal them!

Read Post

GitGuardian

Read more about Has My Secret Leaked? [Security Zines]

What is DAST (Dynamic Application Security Testing) 60 sec explainer

Jan 19, 2024 By GitGuardian In GitGuardian

Discover the Power of DAST in Cybersecurity | Dynamic Application Security Testing Explained In the digital age, cyber threats are a constant concern. Protecting your organization's data and systems is paramount, and that's where DAST (Dynamic Application Security Testing) comes into play!

View Video

GitGuardian

Read more about What is DAST (Dynamic Application Security Testing) 60 sec explainer

Good Application Security Posture Management Requires Great Data

Jan 17, 2024 By Dwayne McDaniel In GitGuardian

Discover how GitGuardian enhances Application Security Posture Management, ASPM, with top-notch code security and secrets detection and remediation coordination.

Read Post

GitGuardian

Read more about Good Application Security Posture Management Requires Great Data

Fast food restaurants hacked simultaneously - Breach breakdown

Jan 17, 2024 By GitGuardian In GitGuardian

The video based on this article discusses a cybersecurity researcher's experience in uncovering a major security flaw in an AI-based hiring system called Chattr.ai, which provides services to numerous fast-food chains and hourly employers across the United States, including popular names like Applebees, Arbys, Chickfila, Dunkin, IHOP, KFC, Shoneys, Subway, Tacobell, Target, and Wendys. The researcher's investigation was triggered by their suspicion that many startups using Firebase, particularly those with the.ai top-level domain, may have exposed credentials.

View Video

GitGuardian

Read more about Fast food restaurants hacked simultaneously - Breach breakdown

Three Tips To Use AI Securely at Work

Jan 12, 2024 By Greg Bulmash In GitGuardian

How can developers use AI securely in their tooling and processes, software, and in general? Is AI a friend or foe? Read on to find out.

Read Post

GitGuardian

Read more about Three Tips To Use AI Securely at Work

Understanding the Risks of Long-Lived Kubernetes Service Account Tokens

Jan 11, 2024 By Thomas Segura In GitGuardian

Kubernetes Service Account tokens are exploited in many attack chain scenarios. Learn how to mitigate these risks and secure your Kubernetes clusters effectively.

Read Post

GitGuardian

Read more about Understanding the Risks of Long-Lived Kubernetes Service Account Tokens

What is SAST? Static Application Security Testing explained in 60 seconds

Jan 11, 2024 By GitGuardian In GitGuardian

Discover the world of Static Application Security Testing (SAST) in this concise video. SAST, which stands for Static Application Security Testing, is an essential security tool that examines your source code for potential vulnerabilities. Unlike dynamic tools, SAST operates solely on your code, making it a static analysis tool.

View Video

GitGuardian

Read more about What is SAST? Static Application Security Testing explained in 60 seconds

Secure Your Secrets with .env

Jan 8, 2024 By Greg Bulmash In GitGuardian

Using environment variables to store secrets instead of writing them directly into your code is one of the quickest and easiest ways to add a layer of protection to your projects.

Read Post

GitGuardian

Read more about Secure Your Secrets with .env

Guardian Goofs: Signs Your Developers Are Leaking Secrets

Jan 4, 2024 By Greg Bulmash In GitGuardian

Welcome to 2024 and a new monthly feature here at GitGuardian, a comic strip called "Guardian Goofs." If you like it, please show it some love by hitting one of those "share" links below it. And check back on the first Thursday of each month for the newest "Goof." Share this article on Twitter, HackerNews, LinkedIn, or Reddit.

Read Post

GitGuardian

Read more about Guardian Goofs: Signs Your Developers Are Leaking Secrets

Application Security Posture Management with GitGuardian and ArmorCode

Jan 2, 2024 By Guest Expert In GitGuardian

Managing GitGuardian Findings as Part of a Complete Risk-Based Software Security Program with ArmorCode ASPM.

Read Post

GitGuardian

Read more about Application Security Posture Management with GitGuardian and ArmorCode

Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

January 2024

Securing the Gateway - Mastering API Security in the Modern Web Landscape

GitGuardian Honeytoken For Peace Of Mind

Evaluating Secrets Detection Platforms Is Complex: GitGuardian is here to help you navigate the process

Terraform Project for Managing Vault Secrets in a Kubernetes Cluster

What is SCA (Software Composition Analysis) software?

Five Ways Your CI/CD Pipeline Can Be Exploited

Store API keys and other secrets securely in python using env variables

Risks of source code leakage

Has My Secret Leaked? [Security Zines]

What is DAST (Dynamic Application Security Testing) 60 sec explainer

Good Application Security Posture Management Requires Great Data

Fast food restaurants hacked simultaneously - Breach breakdown

Three Tips To Use AI Securely at Work

Understanding the Risks of Long-Lived Kubernetes Service Account Tokens

What is SAST? Static Application Security Testing explained in 60 seconds

Secure Your Secrets with .env

Guardian Goofs: Signs Your Developers Are Leaking Secrets

Application Security Posture Management with GitGuardian and ArmorCode

Monthly Archive

Follow Us