Welcome to CloudSec Academy, your guide to navigating the alphabet soup of cloud security acronyms and industry jargon. Cut through the noise with clear, concise, and expertly crafted content covering fundamentals to best practices.
Open-source intelligence (OSINT) is a framework that involves gathering, analyzing, and interpreting publicly available data to gain insights into cyber threats, adversarial activities, and attack techniques. OSINT identifies innocuous-seeming information that, if analyzed with an attacker’s mindset, could reveal critical loopholes in an enterprise’s security posture.
Vulnerability scanning is an integral component of every vulnerability management program, providing security teams with insights needed to address vulnerabilities before they become attack vectors. When conducted regularly, vulnerability assessments offer asset discovery and visibility, attack surface management, and compliance enforcement.
A threat intel feed, or threat intelligence feed, provides a continuous incoming flow of data related to cyber threats and risks.
In this blog post, we’ll shine a light on the top OSS threat intelligence platforms and tools that enterprises can integrate into their security stack.
The top 14 open-source application security tools—including SCA, secrets scanning, and application security testing tools—to help you streamline the critical process of securing your apps from threats and vulnerabilities.
A guide on the 9 best OSS API security tools that protect sensitive data, infrastructure, and business logic from unauthorized access, data theft, and other attacks.
In this article, we’ll explore the top 9 OSS CSPM tools available today, each with its unique capabilities and benefits for helping organizations identify cloud misconfigurations, prevent security breaches, and ensure compliance with industry standards.
Writing your IR plan from scratch? Not sure where to begin? Get a head start with these free templates and examples.
8 open-source vulnerability management tools and their features, categorized by use case
This blog explores the significance of security in Azure environments and provides an overview of native as well as third-party security tools available to improve an organization’s Azure security stance.
10 native tools for IAM, data protection, network security, threat detection, and compliance management.
We cover the top container security tools across 7 common use cases, including image scanning, compliance, secrets management, and runtime security.
Learn how to create your own company incident response policy to prepare and prevent against an attack on your IT systems in this complete guide.
This blog post explores the world of container orchestration tools beyond Kubernetes, highlighting cloud provider tools and open-source alternatives that promise to redefine how we deploy and manage applications.
We’ll take a deep dive into the MLSecOps tools landscape by reviewing the five foundational areas of MLSecOps, exploring the growing importance of MLSecOps for organizations, and introducing six interesting open-source tools to check out
Explore the security roles your tools should cover, then outline the key tool types to help you build your security workflows.
Read on for a roundup of top open-source tools that are game-changers when it comes to securing your development and operations pipeline.
This article will give you a refresher on code security and review the most popular open-source code security tools available.
This article will start with a quick refresher on SBOMs and then list the top SBOM-generation tools available.
Looking to make the most of containerization while minimizing risk? Container scanning solutions are a critical line of defense that help ensure the safe and secure deployment of applications.
It’s a good idea to consider a range of Kubernetes security tools. Open source solutions can greatly improve the security of your Kubernetes clusters, so this section explores the top 11 open-source Kubernetes security tools that can help to safeguard your Kubernetes environment.
11 native tools for IAM, data protection, network and application protection, compliance management, and threat detection
The best Infrastructure as Code (IaC) tools, curated by use case and categorized into CSP-specific and CSP-neutral providers.
