Secrets Detection: A Fast-Track Guide
Secrets detection is the process of identifying and managing sensitive information like API keys, passwords, and tokens within codebases to prevent unauthorized access and data breaches.
Ziad Ghalleb
Ziad Ghalleb Articles
Top 14 OSS Application Security Tools by Use Case
The top 14 open-source application security tools—including SCA, secrets scanning, and application security testing tools—to help you streamline the critical process of securing your apps from threats and vulnerabilities.
The Secure Software Development Framework (SSDF)
NIST’s Secure Software Development Framework (SSDF) is a structured approach that provides guidelines and best practices for integrating security throughout the software development life cycle (SDLC).
What is ASPM? [Application Security Posture Management]
Application security posture management entails continuously assessing applications for threats, risks, and vulnerabilities throughout the software development lifecycle (SDLC).
SAST vs. SCA: What's the Difference?
SAST (Static Application Security Testing) analyzes custom source code to identify potential security vulnerabilities, while SCA (Software Composition Analysis) focuses on assessing third-party and open source components for known vulnerabilities and license compliance.
Static Application Security Testing (SAST) Explained
Static Application Security Testing (SAST) is a method of identifying security vulnerabilities in an application's source code, bytecode, or binary code before the software is deployed or executed.
SAST vs. DAST: What’s the difference?
In this Academy article, we'll dig into SAST and DAST security testing methods, exploring how they work and their core aspects
Secure Code Scanning: Basics & Best Practices
In this article, we’ll explore the step-by-step process of code scanning, its benefits, approaches, and best practices.
Open-source security: Best practices and tools
Open-source security is the collection of tools and processes used to secure and manage the lifecycle of open-source software (OSS) and dependencies from development to production.
What is Security as Code (SaC)?
Security as Code (SaC) is a methodology that integrates security measures directly into the software development process. It involves codifying security policies and decisions, and automating security checks, tests, and gates within the DevOps pipeline.
What is Policy as Code?
Policy as code (PaC) is the use of code to define, automate, enforce, and manage the policies that govern the operation of cloud-native environments and their resources.
What is SecDevOps? How It Differs From DevSecOps
SecDevOps is essentially DevOps with an emphasis on moving security further left. DevOps involves both the development team and the operations team in one process to improve deployment performance and service customers faster.
GitOps vs. DevOps
While DevOps delineates collaboration and automation practices that emphasize infrastructure provisioning and continuous monitoring, GitOps extends its concepts by employing Git as the single source of truth for both application and infrastructure settings.
Secure Coding Explained
Secure coding is the practice of developing software that is resistant to security vulnerabilities by applying security best practices, techniques, and tools early in development.
Ziad Ghalleb Posts
Developers Deserve Better: Why Wiz Code Is Built for You.
Wiz Code helps developers integrate security into their workflow, with real-time guidance from code to cloud. Reduce last-minute fixes. Build with confidence.
Your control tower to secure code across GitHub, GitLab, and Azure Repos
Secure your code and the entire development pipeline with the Wiz Security Graph, comprehensive configuration checks, and advanced code scanning.
Sail Further with Wiz Cost Optimization for Amazon EKS
Learn how Wiz's latest feature identifies outdated EKS clusters, helping organizations save millions on cloud spend. Find out how to optimize costs and reinvest savings in strategic initiatives.