Learning | Security

Insights, tools, and best practices to keep your organization and users secure.

Video play
Green figurines

Hacker quantified security

Alex Rice on the importance of inviting hackers to find vulnerabilities in your system, and how to measure the results of incorporating their feedback.

Runnable code code

Compliance as code

Build regulatory compliance into development and operations, and write compliance and checks and auditing into continuous delivery, so it becomes an integral part of how your DevOps team works.

Runnable code code
Sheet of euros

Ransomware: When to pay (and when not to)

While most security professionals argue against paying the ransom, there are some cases where paying is the right choice for an organization. Learn what to consider, and how to decide.

Video play

Securing application deployments in CI/CD environments

Binu Ramakrishnan highlights current security risks and CI/CD threat modeling and presents security patterns-based techniques to mitigate these risks, including a novel idea called auth events to delegate user privileges to CI/CD workflow jobs.

Runnable code code
Chipped rocks

Incident management at the edge

Lessons learned at Fastly: How to build a robust system that identifies, mitigates, contains, and properly communicates incidents to prevent recurrence.

Video play
The world map from Leinhart Holle's 1482 edition of Nicolaus Germanus's emendations to Jacobus Angelus's 1406 Latin translation of Maximus Planudes's late-13th century rediscovered Greek manuscripts of Ptolemy's 2nd-century Geography.

Who is...? A question, not the Unix command

Chris Baker discusses Internet cartography and its implications for risk and security. He focuses on building a mental model for how we know where on the network something is, what it is, and why that is important.

Video play
Sand castle

Security on a shoestring

Kelsey Gilmore-Innis shares the essential concepts behind securing your users’ data and offers examples of how she and her team applied them to Callisto.

Runnable code code
Data landscape

Not all data is created equal

Some of the most profitable decisions are made by combining data in novel ways, but creative combinations of data can also spawn unknown risks. Learn how your organization can balance risk and reward in a data-driven economy.

Video play

Trusted vs trustworthy

Knowing the difference between trusted and trustworthy is fundamental to understanding how to build secure software. In this exclusive video excerpt from Introduction to Secure Software, Brian Sletten explains the browser's transitive trust model.

Video play
The Cheat with the Ace of Clubs, Georges de la Tour

The value of operations security

Good security policies do not guarantee protection against attacks. Learn why you need a strong operations security team to implement security measures.

Runnable code code

Secure prototyping with littleBits and cloudBit

Use littleBits and cloudBit to set up an environment where you can evaluate security concerns. Plus, learn about security evaluations and threat agents. Read Chapter 7 from Abusing the Internet of Things.