A comprehensive list of components in a software product.
An automated process that uses machine learning and natural language processing to analyze source code for bugs, security vulnerabilities, style inconsistencies, and other issues.
Measures to protect Application Programming Interfaces from threats.
Mechanisms that restrict unauthorized access to resources.
A cybersecurity approach that continuously monitors and improves an organization's applications' security throughout their lifecycle, integrating findings from various security tools (like SAST, DAST, and SCA) into a unified view to prioritize vulnerabilities based on risk and enable automated remediation.
A storage location for software build artifacts.
Many attacks get in through external open source and vendor dependencies.
Identifying and assessing potential attack vectors.
The examination of binary code to identify vulnerabilities.
Securing blockchain networks and smart contracts.
Programs rewarding individuals for discovering software vulnerabilities.
The use of tools to automate software build processes.
Assigns unique identifiers to known vulnerabilities in software and hardware.
A security vulnerability where attackers insert malicious data into caches, like DNS or web caches.
Documentation that tracks evidence handling and transfer.
One of the most influential organizations operating under the Linux Foundation and shaping modern application development and infrastructure management.
Reviewing source code to detect security flaws.
The measure of how well-written, reliable, and maintainable software code is.
The practice of identifying and preventing vulnerabilities in an application's code to protect it from threats and attacks.
Using tools to automate adherence to compliance standards.
Analyzing container images for vulnerabilities before deployment.
Practices ensuring containerized applications are secure.
Ongoing observation of systems to ensure security posture.
Measures the extent to which source code is executed by automated tests.
Upcoming EU law to enforce cybersecurity requirements for digital products and software.
Dependencies and provenance track what software components you use and where they come from, ensuring trust and traceability.
Processes that track and update software dependencies.
Integrating security practices within DevOps workflows.
A cryptographic means to verify authenticity and integrity.
EU regulation ensuring safety and performance of medical devices through strict compliance.
Protecting end-user devices from cyber threats.
Compliance definition, purpose, and solutions for medical devices.
Protecting embedded software in hardware devices.
Investigation methods used to uncover security breaches.
EU regulation for personal data protection and privacy, enforceable across all member states.
An automated enforcement mechanism that stops vulnerable or non-compliant code from polluting the codebase.
Frameworks ensuring adherence to policies and regulations.
An integrated framework for managing organizational security, risk, and regulatory requirements.
Fine-tuned control over user permissions and data access.
Global standard for applying risk management to medical devices.
Procedures for managing and mitigating security incidents.
Managing IT infrastructure through code for consistency and security.
Ensuring data remains unaltered and authentic.
The practices, methodologies, and controls necessary to protect JSON Web Tokens throughout the software development lifecycle.
Practices and tools specific to securing Java applications.
Securing CI/CD pipelines in Jenkins.
Techniques to secure the core component of an operating system.
A list maintained by the CISA website for prioritizing critical software flaws actively used by attackers.
Securing container orchestration environments.
Granting users only the permissions they need.
Ensuring software adheres to licensing agreements and regulations.
Recording system events for monitoring and analysis.
Medical device cybersecurity: third-party and legacy software risk.
FDA's cybersecurity risk management requirements for new medical devices.
FDA's 2016 guidance on post-market cybersecurity for medical devices.
Establishes requirements for the development, maintenance, and risk management of software used in medical devices.
The practice of embedding security into the entire software development lifecycle for medical technology to ensure medical devices are secure, compliant, and resilient while accelerating their development and release.
Evaluating data about data to assess security risks.
Explanation of the NIST 800-171 regulation.
Explanation of the NIST 800-53 regulation.
Adhering to the security standards defined by NIST.
Ensuring that actions or transactions cannot be denied.
A common language and control catalog for software security.
Securing open source components used in software development.
Protecting operational processes from adversarial exploitation.
Securing automated workflows in IT environments.
Confirming the authenticity and integrity of software packages.
Simulated attacks to evaluate system vulnerabilities.
Ensuring security in continuous integration/delivery pipelines.
The Policy Compliance Rate serves as a critical metric for organizations seeking to understand how effectively their development teams adhere to established security policies throughout the software development lifecycle.
Exploit where attackers manipulate AI prompts to bypass restrictions or generate harmful output.
Isolating potential threats to prevent spread.
Securing database queries to prevent injection attacks.
Corrective actions taken to address security vulnerabilities.
Automated processes to address security vulnerabilities.
Analyzing the distribution of risk findings by severity.
Strategies to reduce the impact of security threats.
Defenses that secure applications during execution.
Evaluating potential security threats and vulnerabilities in the SDLC.
Coding standards that help prevent security vulnerabilities.
Systems that aggregate and analyze security event data.
A dedicated team responsible for monitoring and responding to security incidents.