aks-poc-setup

AKS Production-Grade POC Setup A comprehensive, production-re...

Operation-Molasses

🍯 OPERATION MOLASSES PEKMEZ Zencefil Efendi's Cyber Dow...

IaC Inventory: A Unified View Across Code, Deployments, and Cloud

As AI applications introduce a new class of infrastructure resources, visibility into what your IaC creates, where it runs, and whether it has drifted has never been more critical...

devops-security-pipeline-poc

DevOps Security Pipeline POC A security-integrated CI/CD pipe...

Can Developers Rely on LLMs for Secure IaC Development?

We investigated the capabilities of GPT-4o and Gemini 2.0 Flash for secure Infrastructure as Code IaC development. For security smell detection, on the Stack Overflow dataset, which primarily contains small, simplified code snippets, the models detected at least 71% of security smells when prompt...

Holoscope: Open and Lightweight Distributed Telescope and Honeypot Platform

The complexity and scale of Internet attacks call for distributed, cooperative observatories capable of monitoring malicious traffic across diverse networks. Holoscope is a lightweight, cloud-native platform designed to simplify the deployment and management of distributed telescope passive and...

lw-cnapp-microservices-iac

Project 2: Microservices with Infrastructure as Code ⚠️ WAR...

The Hidden Dangers of Public Serverless Repositories: An Empirical Security Assessment

Serverless computing has rapidly emerged as a prominent cloud paradigm, enabling developers to focus solely on application logic without the burden of managing servers or underlying infrastructure. Public serverless repositories have become key to accelerating the development of serverless...

⚡ Weekly Recap: NFC Fraud, Curly COMrades, N-able Exploits, Docker Backdoors & More

Power doesn't just disappear in one big breach. It slips away in the small stuff—a patch that's missed, a setting that's wrong, a system no one is watching. Security usually doesn't fail all at once; it breaks slowly, then suddenly. Staying safe isn't about knowing everything—it's about acting fa...

ARPaCCino: an Agentic-RAG for Policy As Code Compliance

Policy as Code PaC is a paradigm that encodes security and compliance policies into machine-readable formats, enabling automated enforcement in Infrastructure as Code IaC environments. However, its adoption is hindered by the complexity of policy languages and the risk of misconfigurations. In th...

Managed Databases as Code Using Terraform

...

Proactively Securing Cloud Workloads in the CI/CD Pipeline with Rapid7 and Azure DevOps

As organizations continue to embrace cloud-native development practices, the need for integrated security solutions that seamlessly fit into existing DevOps environments has become more pressing than ever. We recognize this critical need and have added new integration for InsightCloudSec ICS and...

Simplifying Infrastructure Management with Imperva’s Terraform Module for Cloud WAF

In todays rapidly evolving technological landscape, managing infrastructure efficiently is paramount for businesses striving to stay competitive. With the rise of cloud computing, Infrastructure as Code IaC has emerged as a game-changer, enabling organizations to automate the provisioning and...

5 Ways to Maximize the Impact of IaC Scans

By Uzair Amir Infrastructure-as-code IaC continues to gain traction and is even hailed for having changed software development towards greater efficiency… This is a post from HackRead.com Read the original post: 5 Ways to Maximize the Impact of IaC Scans...

What Is Policy-as-Code

Decoding the Enigma: Policy-as-Code Explained The Information Technology IT sector can often feel like a maze of intricate jargon and theories. A phrase gaining traction in this field is Policy-as-Code PaC. However, what does Policy-as-Code entail? Let's demystify this enigma. Policy-as-Code...

Iac-Scan-Runner - Service That Scans Your Infrastructure As Code For Common Vulnerabilities

Service that scans your Infrastructure as Code for common vulnerabilities. Aspect | Information ---|--- Tool name | IaC Scan Runner Docker image | xscanner/runner PyPI package | iac-scan-runner Documentation | docs Contact us | [email protected] Purpose and description The IaC Scan Runner is...

Qualys Is the Outperformer in the New GigaOm Radar Report for Continuous Vulnerability Management

GigaOm has unveiled its third-annual Radar for Continuous Vulnerability Management featuring Qualys. In this Report, GigaOm provides a detailed analysis of the value and progression of vulnerability management VM capabilities to help organizations build the best security and vulnerability...

Introducing AI-guided Remediation for IaC Security / KICS

While the use of Infrastructure as Code IaC has gained significant popularity as organizations embrace cloud computing and DevOps practices, the speed and flexibility that IaC provides can also introduce the potential for misconfigurations and security vulnerabilities. IaC allows organizations to...

Introducing AI-guided Remediation for IaC Security / KICS

While the use of Infrastructure as Code IaC has gained significant popularity as organizations embrace cloud computing and DevOps practices, the speed and flexibility that IaC provides can also introduce the potential for misconfigurations and security vulnerabilities. IaC allows organizations to...

What to Look for When Selecting a Static Application Security Testing (SAST) Solution

If you're involved in securing the applications your organization develops, there is no question that Static Application Security Testing SAST solutions are an important part of a comprehensive application security strategy. SAST secures software, supports business more securely, cuts down on...