A comprehensive list of components in a software product.
Mechanisms that restrict unauthorized access to resources.
An automated process that uses machine learning and natural language processing to analyze source code for bugs, security vulnerabilities, style inconsistencies, and other issues.
Measures to protect Application Programming Interfaces from threats.
A cybersecurity approach that continuously monitors and improves an organization's applications' security throughout their lifecycle, integrating findings from various security tools (like SAST, DAST, and SCA) into a unified view to prioritize vulnerabilities based on risk and enable automated remediation.
A storage location for software build artifacts.
The practice of applying cryptographic signatures to software artifacts.
Many attacks enter a product through its external open source and vendor dependencies.
Identifying and assessing potential attack vectors.
A cryptographically signed statement verifying software artifact facts like build process and security scans.
The practice of securing and maintaining the foundational container images from which application containers are built.
The examination of binary code to identify vulnerabilities.
Securing blockchain networks and smart contracts.
A security control mechanism that organizations apply to their source code repositories.
Programs rewarding individuals for discovering software vulnerabilities.
The use of tools to automate software build processes.
The authenticated documentation that captures the complete history of how software artifacts were created.
A security vulnerability where attackers insert malicious data into caches, like DNS or web caches.
Documentation that tracks evidence handling and transfer.
The practice of safeguarding continuous integration and continuous delivery pipelines.
One of the most influential organizations, operating under the Linux Foundation, shaping modern application development and infrastructure management.
Reviewing source code to detect security flaws.
The measure of how well-written, reliable, and maintainable software code is.
The practice of identifying and preventing vulnerabilities in an application's code to protect it from threats and attacks.
Using tools to automate adherence to compliance standards.
Analyzing container images for vulnerabilities before deployment.
Practices ensuring containerized applications are secure.
Ongoing observation of systems to ensure security posture.
Measures the extent to which source code is executed by automated tests.
The application of public-key cryptography to create digital signatures that verify the authenticity and integrity of software artifacts.
Assigns unique identifiers to known vulnerabilities in software and hardware.
Upcoming EU law to enforce cybersecurity requirements for digital products and software.
Dependencies and provenance track what software components you use and where they come from, ensuring trust and traceability.
Processes that track and update software dependencies.
Integrating security practices within DevOps workflows.
A cryptographic means to verify authenticity and integrity.
Protecting end-user devices from cyber threats.
The comprehensive regulatory framework for product security across Europe.
EU regulation ensuring safety and performance of medical devices through strict compliance.
Compliance definition, purpose, and solutions for medical devices.
Protecting embedded software in hardware devices.
Investigation methods used to uncover security breaches.
An automated enforcement mechanism that stops vulnerable or non-compliant code from polluting the codebase.
EU regulation for personal data protection and privacy, enforceable across all member states.
Frameworks ensuring adherence to policies and regulations.
An integrated framework for managing organizational security, risk, and regulatory requirements.
Fine-tuned control over user permissions and data access.
A physical computing device that safeguards and manages cryptographic keys, performing encryption and signing operations in a tamper-resistant environment.
One of the most important cryptographic operations in modern software supply chain security and DevSecOps practices.
A set of practices, controls, and methodologies designed to protect Kubernetes applications deployed through Helm charts.
A powerful defense against supply chain attacks, dependency confusion attacks, and unauthorized code injection.
A certifiable security and privacy framework that consolidates requirements from HIPAA, PCI DSS, GDPR, ISO 27001, and NIST.
IEC 62304 represents the international standard for medical device software lifecycle processes.
International framework for securing medical devices throughout their lifecycle with comprehensive cybersecurity principles.
Procedures for managing and mitigating security incidents.
Managing IT infrastructure through code for consistency and security.
Ensuring data remains unaltered and authentic.
Global standard for applying risk management to medical devices.
The EU regulation for in vitro diagnostic medical devices.
Practices and tools specific to securing Java applications.
Securing CI/CD pipelines in Jenkins.
The practices, methodologies, and controls necessary to protect JSON Web Tokens throughout the software development lifecycle.
Techniques to secure the core component of an operating system.
A list maintained by CISA for prioritizing critical software flaws that are actively exploited by attackers.
Securing container orchestration environments.
Granting users only the permissions they need.
Ensuring software adheres to licensing agreements and regulations.
A widely deployed Java-based logging framework used in enterprise software development.
Recording system events for monitoring and analysis.
The average duration from when a security issue is first identified until it's completely fixed and deployed to production environments.
Medical device cybersecurity, third-party and legacy software risk.
FDA's cybersecurity risk management requirements for new medical devices.
FDA's 2016 guidance on post-market cybersecurity for medical devices.
Establishes requirements for the development, maintenance, and risk management of software used in medical devices.
The practice of embedding security into the entire software development lifecycle for medical technology to ensure medical devices are secure, compliant, and resilient while accelerating their development and release.
Evaluating data about data to assess security risks.
An explanation of the NIST 800-171 regulation.
An explanation of the NIST 800-53 regulation.
Adhering to the security standards defined by NIST.
Ensuring that actions or transactions cannot be denied.
A software supply chain compromise where threat actors introduce malicious code into the npm registry ecosystem.
A common language and control catalog for software security.
Securing open source components used in software development.
One of the most influential organizations operating under the Linux Foundation, committed to securing the open source software ecosystem.
Protecting operational processes from adversarial exploitation.
Securing automated workflows in IT environments.