Vulnerability Management Lifecycle in DevSecOps
In this new series, I am sharing my strategy for implementing secure-by-design software processes that empower engineering teams. The first…
Mar 27, 2024

How to Handle Mobile App Secrets
Learn why storing secrets in mobile apps is a major security risk, how to manage user and developer secrets properly, and why client-side…
Feb 23, 2024

How to Become Great at API Key Rotation: Best Practices and Tips
Published in GitGuardian
Secret management can be a complex challenge. In this article, we will take you from zero to hero on key rotation.
Dec 28, 2023

Secure Code Review Best Practices [cheat sheet included]
Published in GitGuardian
Reducing vulnerabilities in your software means manual and automated secure code reviews. Download our handy cheat sheet and learn more!
Jul 26, 2023

Best Practices for Securing Infrastructure as Code (IaC) in the DevOps SDLC [cheat sheet included]
Published in GitGuardian
Infrastructure as code (IaC) is the practice of managing and provisioning computing resources using configuration files or scripts rather…
Apr 13, 2023

Thinking Like a Hacker: Finding Source Code Leaks on GitHub
Published in GitGuardian
About this series
Dec 7, 2022

Thinking Like a Hacker: Stealing Secrets with a Malicious GitHub Action
Published in GitGuardian
How can an attacker exploit leaked credentials? Fourth case: secrets are stolen with a malicious GitHub action.
Oct 13, 2022

Thinking Like a Hacker: Commanding a Bot Army of Compromised Twitter Accounts
Published in GitGuardian
How can an attacker exploit leaked credentials? Third case: Twitter API keys are used to pump an altcoin.
Sep 26, 2022

Thinking Like a Hacker: AWS Keys in Private Repos
Published in GitGuardian
How can an attacker exploit leaked credentials? Second case: an AWS secret is found in a private repository.
Aug 12, 2022

Thinking Like a Hacker: Abusing Stolen Private Keys
Published in GitGuardian
The first entry in a new series about leaked secret abuse.
Jul 21, 2022