Learning Center

An automated process that uses machine learning and natural language processing to analyze source code for bugs, security vulnerabilities, style inconsistencies, and other issues.

Measures to protect Application Programming Interfaces from threats.

Mechanisms that restrict unauthorized access to resources.

A cybersecurity approach that continuously monitors and improves an organization's applications' security lifecycle, integrating findings from various security tools (like SAST, DAST, and SCA) into a unified view to prioritize vulnerabilities based on risk and enable automated remediation.

A storage location for software build artifacts.

Many attacks get in through external open source and vendor dependencies.‍

Identifying and assessing potential attack vectors.

The examination of binary code to identify vulnerabilities.

Securing blockchain networks and smart contracts.

Programs rewarding individuals for discovering software vulnerabilities.

The use of tools to automate software build processes.

The purpose of the CVE system is simple: to assign unique identifiers to known vulnerabilities in software and hardware.

A security vulnerability where attackers insert malicious data into caches like DNS or web caches, compromising system trust. Understand the definition and explanation of this threat.

Discover the Chain of Custody: Definition, Explanation, and Importance in Evidence Handling. Learn about documentation processes ensuring secure transfer and tracking.

One of the most influential organizations operating under the Linux Foundation and shaping modern application development and infrastructure management.

Discover the essentials of Code Analysis: Learn about reviewing source code to detect security flaws. Understand the definition, explanation, and importance of this crucial process in software development.

The measure of how well-written, reliable, and maintainable software code is. It encompasses a code's efficiency, readability, security, and adherence to best practices, ensuring it functions as intended while being easy for developers to understand, modify, and debug.

Discover what Compliance Automation is and how it streamlines adherence to standards. Learn about tools, definitions, and explanations for efficient compliance management.

Practices ensuring containerized applications are secure.

Dependencies and provenance track what software components you use and where they come from, ensuring trust and traceability.

Learn about Dependency Management: Explore processes that track and update software dependencies. Understand its definition, importance, and best practices for efficient software development.

Integrating security practices within DevOps workflows.

Discover the EU Cyber Resilience Act (CRA, 2025–2027): Upcoming EU law enforcing cybersecurity requirements for digital products and software. Learn about its impact and significance.

Discover the EU MDR (2017/745) regulation: Ensuring medical device safety and performance through strict compliance. Learn about its definition, explanation, and impact on the industry.

Discover what Endpoint Security is and how it protects end-user devices from cyber threats. Learn about its definition, explanation, and importance in safeguarding your digital environment.

Discover FDA 524B(b) compliance: definition, purpose, and solutions for old medical devices. Learn how to address compliance issues and ensure regulatory adherence.

Discover what firmware security is and learn about protecting embedded software in hardware devices. Explore definitions, explanations, and key insights on safeguarding your technology.

Discover the essentials of Forensic Analysis: investigation methods to uncover security breaches. Learn about definitions, explanations, and techniques in this comprehensive glossary page.

EU regulation for personal data protection and privacy, enforceable across all member states.

Discover the definition and explanation of Governance: Frameworks ensuring adherence to policies and regulations. Learn about governance structures, principles, and their importance in organizational compliance.

Learn about procedures for managing and mitigating security incidents effectively. Get detailed explanations and insights today!

Practices and tools specific to securing Java applications.

Securing container orchestration environments.

Medical device cybersecurity, third-party and legacy software risk.

Medical Device Cybersecurity Premarket Guidance (US FDA 2023)? Definition of FDA's cybersecurity risk management requirements for new medical devices. Understand how to comply with FDA guidelines.

FDA's 2016 guidance on postmarket cybersecurity for medical devices. Understand how to manage cybersecurity risks in marketed devices effectively.

Establishes requirements for the development, maintenance, and risk management of software used in medical devices.

The practice of embedding security into the entire software development lifecycle for medical technology to ensure medical devices are secure, compliant, and resilient while accelerating their development and release.

Evaluating data about data to assess security risks. Understand its definition, explanation, and importance in data security.

A full explanation of the regulation, its definition, and key requirements. Understand its impact on data security and compliance.

NIST 800-53, the regulation, its definition, and detailed explanation. Explore its significance in cybersecurity frameworks.

Learn about NIST Compliance: Definition, Explanation, and Security Standards. Understand how adhering to NIST guidelines enhances cybersecurity and data protection.

A common language and control catalog for software security.

Definition, explanation, and best practices for securing open source components in software development. Enhance your understanding today!

Explanation, and Key Concepts. Protect operational processes from adversarial threats with effective strategies.

Orchestration Security: Definition and Explanation of securing automated workflows in IT environments. Understand its importance in IT security.

Ensure software package authenticity and integrity with comprehensive package verification insights. Explore methods, tools, and best practices for secure software deployment.

Simulated attacks to evaluate system vulnerabilities.

Optimize your CI/CD pipeline security with best practices and strategies for safeguarding continuous integration and delivery processes. Enhance protection and efficiency today!

What are Prompt Injection Attacks? Learn more about Manipulating AI prompts to bypass restrictions and generate harmful outputs. Enhance AI security with insights on this critical exploit.ow

Evaluating potential security threats and vulnerabilities in the SDLC.

What Are Secure Coding Practices in Software Development? Definition of coding standards to prevent security vulnerabilities. Enhance software security with best practices and guidelines.

Systems that aggregate and analyze security event data.

What is a Security Operations Center? Definition of a dedicated team responsible for monitoring and responding to security incidents. Understand its role, importance, and how it enhances cybersecurity.

What is Slopsquatting? Definition of typo-based attacks exploiting mistyped package names to distribute malware. Understand how these threats operate and protect your systems.

Social Engineering: Definition, Explanation & How It Works | Learn About Manipulating Tactics | Kusari®

A comprehensive list of components in a software product.

What is Software Composition Analysis? Definition, meaning, and use of SCA in assessing third-party components for security risks. Understand related regulations and best practices.

What is Software Supply Chain Risk Management? Definition of identifying and mitigating risks in the software supply chain. Understand why it's crucial for security and efficiency.

Identifying and mitigating risks in the software supply chain.

What is Static Analysis? Definition of reviewing code without execution to identify vulnerabilities. Understand why, when, and how to use static analysis for secure coding practices.

What is a Supply Chain Attack? Definition of a cyber threat targeting supply chain vulnerabilities. Understand how, why, and when these attacks occur to protect your business.

What is Telemetry? Definition of data collection from systems for analysis and monitoring. Understand how telemetry enhances system performance and reliability.

What is Threat Intelligence? Definition of gathering and analyzing cyber threat information. Enhance cybersecurity with insights on threat detection, prevention, and response.

Identifying and evaluating potential security threats.

What is Tokenization? Definition of replacing sensitive data with non-sensitive substitutes. Understand why, when, and how to use tokenization for enhanced data security.

What is Transitive Dependencies? Definition of indirect third-party components inherited through direct dependencies. Understand their impact on application development.

What is Typosquatting? Definition of registering mistyped domain/package names to deceive users into installing malicious content. Understand the risks and prevention strategies.

A security model ensuring trust across systems and networks.

What is Update Management? Definition of processes for timely software update deployment. Learn why, when, and how to manage updates effectively for optimal system performance.

Analyzing user actions to detect anomalies and threats.

A format for sharing whether a vulnerability affects specific software components.

What is Verification? Definition of confirming systems meet security standards. Why it's crucial, when to implement, and how to ensure compliance.

Protecting the integrity of source code repositories.

A vulnerability in your external software supply chain exposes your dependencies to supply chain attacks.

What is Vulnerability Scanning? Definition of automated scanning for known security weaknesses. Enhance cybersecurity by identifying vulnerabilities.

What is Webhook Security? Definition of securing automated communication endpoints between applications. Learn how to protect webhooks from threats and ensure safe data exchange.