Cyberattack Threats to Worry About in 2023

Over the last few years, according to the Top 10 cyber attack analysis, the cost of cybercrime has been growing abnormally fast. The ‘bad guys’ are continuously finding new cyberattack threats and breaches, and new, more sophisticated ways to get inside network infrastructure. Cybersecurity specialists, on the other hand, do their best to prevent and, if it happens, stop …

Checkov: composition analysis for infrastructure as code (IaC)

Checkov is a static code analysis tool for infrastructure as code (IaC) and also a software composition analysis (SCA) tool for images and open source packages. It is an easy way to perform composition analysis of any kind of cloud infrastructure. It supports AWS, Azure and GCP, including Terraform, Terraform plan, AWS CloudFormation, Kubernetes, Helm charts, Dockerfile, Bicep, OpenAPI …

Detecting port scan attack with Wireshark

A port scan attack is a common technique hackers use to discover open doors or weak points in a network. A port scan attack helps cyber criminals find open ports and figure out whether they are receiving or sending data. It is very important to detect such activity as soon as it takes place and mitigate …

Learning Poisoned Pipeline Execution (PPE) with CI/CD goat

Poisoned Pipeline Execution (PPE) is a pentesting methodology and attack vector that abuses permissions against an SCM repository in a way that causes a CI pipeline to execute malicious commands. Users that have permissions to manipulate the CI configuration files, or other files which the CI pipeline job relies on, can modify them to contain malicious …

Secure SDLC – Secure Software Development Life Cycle

Software Development Life Cycle (SDLC) is an organized process of developing a secure application throughout the life of the project. Secure SDLC (SecSDLC) integrates security into the process, resulting in the security requirements being gathered alongside functional requirements, risk analysis being undertaken during the design phase, and security testing happening in parallel with development. Stages …