Kubernetes is getting more secure, but its popularity makes it a target. The new open-source tool kube-hunter helps you improve your team's hunt.
Adding hacking payloads to your existing security testing delivers in-depth, broad coverage. It's that simple. Here's how to get started.
DevOps and static security testing are not ideal partners. Paring down the test set using machine learning, however, can help. Here are key tips.
OWASP's Proactive Controls help build secure software, but motivating developers to write secure code can be challenging.
Tackling the security policy-to-execution gap requires integrating security, risk, and workflows. Here's how to get started.
The best way to deal with both rattlesnakes and security breaches is to avoid them to begin with. Security automation can be a great help here.
Testing cryptographic-enabled apps is difficult—and getting harder. Here's one key tip: Don't write your own cryptographic software!
A web application firewall is your first layer of defense. It's open source, free, and enables virtual patching. Here's how to make it manageable.
Automated security testing is the way to go. Here's why, the caveats to keep in mind, and some suggestions for getting started.
Since the early days of software development, three deadly security "sins" have been all too common in programming. Here's how to avoid them.