The reality of modern application design means that when an unexpected issue occurs, the ability to find the root cause can be difficult. This is where the concept of centralized log management can provide a great deal of assistance. This Refcard teaches you the basic flow of a log management process, provides a comprehensive checklist of questions to consider when evaluating log management solutions, advises you on what you should and should not log, and covers advanced functionality for log management.
Covering the essentials of security in Kubernetes environments, this Refcard addresses the three primary areas of attack within a Kubernetes cluster. Security concepts range from the software supply chain — images, build systems, and container registry security — to Kubernetes infrastructure, as well as deploy-time and runtime security. Key examples like threat vectors, security measures, and vulnerability and violation types within each section will help you continue strengthening your Kubernetes environment security as you automate and scale the deployment and management of your cloud-native applications.
Building an AI agent prototype is one thing; running it safely and reliably in production is another. This Refcard walks engineers and technical leaders through the architecture, governance, security, evaluation, deployment, and monitoring decisions required to move AI agents from demo to production. Explore practical guidance for managing state and memory, enforcing guardrails, building eval gates, handling secrets and model configuration, instrumenting agent behavior, controlling costs, and closing the feedback loop after every release.
Given the rise in identity-focused breaches and the continuously growing number of identities, identity and access management (IAM) has emerged as a cornerstone for safeguarding enterprise systems. By orchestrating secure authorization and authentication, IAM serves as the digital gatekeeper, granting controlled access to diverse resources — from on-premises databases to cloud-based applications. In this Refcard, we delve deep into IAM's crucial role in modern cybersecurity. We outline the primary functions and principles that underpin IAM, highlight its significance, address common challenges faced by engineering teams, and focus on the core practices.
Threat modeling is a crucial component of the secure-by-design guiding principles. This Refcard provides the fundamentals of threat modeling, core practices for secure implementation, and key elements of conducting successful threat model reviews. Exploring the significance of modern tools for automating and streamlining threat modeling processes, we will review how to improve the accuracy of findings and facilitate integration and collaboration among software and security teams throughout the SDLC.
Advancements in AI and automation have paved the way toward agentic automation. Integrating advanced AI techniques, agentic automation enables autonomous agents to handle complex, unstructured tasks with minimal human intervention. In this Refcard, you will learn about the key components of AI agents, design principles for building intelligent agents, and practical applications of agentic automation — all demonstrated via a real-world use case.
Securing software supply chains has become a first-class consideration — along with coding and CI/CD pipelines — when developing a software product. Far too many vulnerabilities have been subliminally introduced into software products and resulted in catastrophic breaches for us as diligent developers to treat supply chain security as an afterthought. The core practices and principles outlined in this Refcard provide a foundation for creating secure supply chains that produce deliverables and products that others can trust.
Enterprises are rapidly adopting cloud-native architectures and design patterns to help deliver business value faster, improve user experience, maintain a faster pace of innovation, and ensure high availability and scalability of their products. Cloud-native applications leverage modern practices like microservices architecture, containerization, DevOps, Infrastructure as Code, and automated CI/CD processes. This Refcard walks through the critical challenges of cloud-native application security, demonstrates how to build security into the CI/CD pipeline, and introduces the core patterns and anti-patterns of cloud-native application security.
Secrets management plays a pivotal role in any modern security environment, and its importance continues to be highlighted as, time and time again, we witness security breaches across industries, including incidents directly caused by the improper safeguarding or mishandling of secrets. In this Refcard, readers will learn about the core practices for a centralized secrets management strategy — from initial steps in creating a single source of truth to key measures for secrets injection, automation, compliance, monitoring, and more.
Poor data quality can cost organizations millions of dollars each year, with additional risks tied to non-compliance under regulations like GDPR. From lost sales opportunities to potential legal penalties, these data quality pitfalls underscore why proactive data management is critical to protecting your organization's profit and reputation. The aim of this Refcard is threefold: to guide readers in pinpointing the principal risks and effects of inadequate data quality, to highlight the core concepts and principles that underpin an effective data quality strategy, and to offer practical steps for implementing improvements that decisively lower operational risks and costs.
The increasingly distributed nature of CI/CD frameworks has made organizations more vulnerable to attacks, which can range from threats to supply chains and servers to exploitation of the application code itself. In this Refcard, you'll learn about the primary focus areas of CI/CD pipeline security, review common pipeline threats and security challenges, and walk through nine steps to get started with securing your pipelines.
Caching is a powerful tool for reducing latency, cutting costs, and enabling scalable system design. This Refcard explores core caching concepts and demonstrates how to implement them using Java’s JCache API. You'll learn how to configure caches, handle expiration and events, choose the right deployment model, and more (with practical examples), helping prepare you to build efficient and flexible Java applications.