Defending your castle: Raising walls versus detecting intruders
Defend your digital assets in 2023 with modern strategies. From IaC scanning to secrets detection to honeytokens, strengthen your castle against evolving threats.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
August 2023
How to Handle Secrets with Google Cloud Secret Manager
This tutorial provides an insightful introduction to GCP's Secret Manager and guides you in creating secrets and securing access to secrets within VMs and CI pipelines.
Developer Week CloudX 2023 - Better security and accessibility in the cloud
Discover DeveloperWeek CloudX: Uniting Global Cloud Experts! Explore insights from security, accessibility, and DevOps leaders from this year's event.
Hardcoded secret at the heart of the Dell Compellent VMware vulnerability
Dell disclosed a Compellent vulnerability affecting VMware users. Let's take a closer look to learn to safeguard your data, prevent coding mishaps, and ensure online security.
Researcher finds GitHub admin credentials of car company thanks to misconfiguration
Take a closer look at a security researcher's tale of hacking a car company via their bug bounty program. Learn how to better protect your apps and your org.
Introducing Infra as Code Security in The GitGuardian Platform
We are proud to introduce Infra as Code Security in The GitGuardian Platform. GitGuardian can now automatically scan connected GitHub or GitLab repositories for IaC template files like Terraform and CloudFormation and alert you about any misconfigurations affecting your AWS, Azure, and GCP deployments, your Kubernetes clusters, and Docker containers.
Unveiling Infra as Code Security in the GitGuardian Platform
Discover how GitGuardian's new Infra as Code Security capabilities empower cloud engineers and security professionals to detect, manage, and resolve IaC vulnerabilities precisely.
GitGuardian Incident Validity and Presence Checks
Two of the first questions typically asked when you are experiencing a secret leak are:"Is the credential still valid?" and"Has the secret been removed from the git repo?" GitGuardian makes it simple to understand the state of your leaked secrets with our automatic validity and presence checks.
DEF CON 31: A hot time in the Las Vegas heat and some cool days in AppSec Village
DEF CON 31 was a unique experience. Read highlights from GitGuardian's time in Las Vegas, AppSec Village, the Hunt the Hacker CTF, insightful talks, and hacker fun.
Customize Your Automated Incident Severity Scoring Rules In GitGuardian
GitGuardian has always made it easy to triage secret leak incidents, Now with custom severity rules, you can automate how GitGuardian labels the criticality of each incident. Fine-tune the pre-built scoring definitions and add your own custom rules that help your team with your particular requirements.
How to Handle Secrets with Azure Key Vault
This tutorial details how to manage secrets effectively using Azure Key Vault. You'll learn how to create secrets and access them in both virtual machines and Kubernetes clusters.
BSidesLV: The big event before the biggest security event in Las Vegas
BSides Las Vegas 2023 united security experts and devs. Highlights include PasswordsCon, medical device security, MFA challenges, and CISA's role in cybersecurity.
Submit Your Incident Feedback Directly In The GitGuardian Dashboard
GitGuardian is making it easier and safer than ever to gather feedback about secret leakage incidents. We have added a feedback form directly to the GitGuardian dashboard incident detail view, allowing your team to provide more info about the incident, including confirming if it's an actual secret, if it gives access to any sensitive info, if it has been revoked, as well as any other relevant details.
From Code to Cloud: Security for Developers [cheat sheet included]
In this cheat sheet, we will walk you through the different stages of the software development lifecycle and highlight key security considerations and tools that can help you mitigate risks and protect your code.
Elevate your secrets security posture with GitGuardian Secrets Detection's latest releases
Detect real secrets, automate severity scoring, prioritize your efforts on your most critical incidents, fix faster with your developers' help, and get the support you deserve from our team of experts!
Detect Code Leaks On Public GitHub With GitGuardian Honeytoken
When your private code becomes publicly visible, you want to know about it immediately. GitGuardian Honeytoken is a quick and easy way to add leakage detection to your repositories. Get a detailed email informing you that your honeytoken has been publicly exposed. GitGuardian Honeytoken gives you the timestamp, IP address, and user agent of who triggered it, as well as what action they were trying to take.
Securing your CI/CD: an OIDC Tutorial
The article highlights the significance of securing CI/CD systems and offers three best practices. It introduces OpenID Connect (OIDC) as a means to employ short-lived tokens for improved security.
Why you should look beyond source code for exposed secrets
Learn more about the various sources of exposed secrets beyond source code repositories. From CI/CD systems to container images, runtime environments to project management tools, uncover the risks associated with storing secrets in these sources.
Protect Your Keys - Lessons from the Azure Key Breach
Learn how to better protect your organization from attacks by looking at how attackers compromised a Microsoft signing key. Secure your keys and actively monitor code and logs.
How to Secure Your Productivity Tools with GitGuardian Honeytoken
GitGuardian Honeytokens are potent tools in the cybersecurity toolkit, notifying you of any unauthorized activities in code repos, Jira, Slack, Linear, and more.