Medical device cybersecurity, third-party and legacy software risk.
Measures to protect Application Programming Interfaces from threats.
Mechanisms that restrict unauthorized access to resources.
A storage location for software build artifacts.
Many attacks get in through external open source and vendor dependencies.
Identifying and assessing potential attack vectors.
Securing blockchain networks and smart contracts.
Programs rewarding individuals for discovering software vulnerabilities.
The purpose of the CVE system is simple: to assign unique identifiers to known vulnerabilities in software and hardware.
Cache poisoning is a security vulnerability where attackers insert invalid or malicious data into a cache, such as a DNS cache or web cache, tricking the system into trusting and serving this compromised information to users.
Reviewing source code to detect security flaws.
Using tools to automate adherence to compliance standards.
Practices ensuring containerized applications are secure.
Processes that track and update software dependencies.
Integrating security practices within DevOps workflows.
Upcoming EU law to enforce cybersecurity requirements for digital products and software.
EU regulation ensuring safety and performance of medical devices through strict compliance.
Protecting end-user devices from cyber threats.
Understanding FDA 524B(b) Regulations for Medical Device Compliance.
Protecting embedded software in hardware devices.
Investigation methods used to uncover security breaches.
EU regulation for personal data protection and privacy, enforceable across all member states.
Frameworks ensuring adherence to policies and regulations.
Procedures for managing and mitigating security incidents.
Practices and tools specific to securing Java applications.
Securing container orchestration environments.
The practice of embedding security into the entire software development lifecycle for medical technology to ensure medical devices are secure, compliant, and resilient while accelerating their development and release.
Comprehensive cybersecurity framework that establishes requirements for protecting Controlled Unclassified Information (CUI) when it resides in nonfederal systems and organizations.
Comprehensive cybersecurity framework for organizations seeking to protect their information systems and data assets.
Adhering to the security standards defined by NIST.
A common language and control catalog for software security.
Securing open source components used in software development.
Confirming the authenticity and integrity of software packages.
Evaluating potential security threats and vulnerabilities in the SDLC.
A comprehensive list of components in a software product.
A critical security practice that examines and evaluates the third-party and open source components within your applications.
Identifying and mitigating risks in the software supply chain.
Reviewing code without executing it to find vulnerabilities.
An attack targeting vulnerabilities in the supply chain.
Transitive dependencies are indirect third-party components that your application inherits through its direct dependencies.
A vulnerability in your external software supply chain exposes your dependencies to supply chain attacks.
Automated scanning for known security weaknesses.
Securing business processes and automated workflows.