- API Penetration Testing

DevSecOps Resource Center

DevSecOps is huge field inside cybersecurity but still in an infancy stage so we have two different challenges: getting API security in the right time (convincing top management) and getting it in the right way.

1. Communicating DevSecOps

You can use our Six Common Security Weaknesses of Kubernetes and AWS checklist as a communication appetizer and go ahead with two parts of real life story how a DevOps engineer exploited Managed Kubernetes flaws (DevOps Attacks Kubernetes part 1, DevOps Attacks Kubernetes part 2).

2. DevSecOps Guide for a Start-Up

We've made a purpose-built guide for start-up founders enabling you to manage effectively all aspects of your cybersecurity exposure - web, mobile, back-end \ API and cloud.

3. Secrets Management tools - Vaults - Comparisons

The most foundational element of a sound DevSecOps blueprint is a Secrets Management capability, which usually relies on a purpose-built tool - a vault. There you can discover eight our comparisons of some most well-known vaults:

  1. Hashicorp vs Akeyless
  2. Hashicorp vs OpenShift
  3. Hashicorp vs 1Password
  4. Hashicorp vs Cyber-Ark Conjur
  5. OpenShift vs Cyber-Ark Conjur
  6. Hashicorp vs AWS Secrets Manager
  7. Hashicorp vs Keywhiz
  8. OpenShift vs Keywhiz
There you can find all kinds of materials - checklists, real life stories. guide for founders and tools comparisons. I hope it was useful for you, but if you don't have time to check it all out - check out our DevSecOps as a Service and we might be your DevSecOps solvers.
Alex Bodryk
Cyberlands, Co-founder & managing director