Application Security
Security for applications — authentication, secrets management, dependency scanning, and supply chain security.
Sections
- Authentication — JWT
- Secrets Management — HashiCorp Vault, AWS Secrets Manager, Kubernetes secrets
- Dependency Scanning — Trivy, Snyk, Grype, Dependabot
- Supply Chain Security — SBOM, Sigstore, SLSA
Key Concepts
Secrets Management
```bash
# HashiCorp Vault - read a secret stored in the KV secrets engine
vault kv get secret/myapp/database
# AWS Secrets Manager - retrieve the current value of a secret
aws secretsmanager get-secret-value --secret-id myapp/db
# Kubernetes secrets - values are only base64-encoded, not encrypted
kubectl get secret mysecret -o yaml
```
Dependency Scanning
```bash
# Trivy - scan a container image for known vulnerabilities
trivy image myapp:latest
# Grype - scan an existing SBOM (SPDX) and emit findings as JSON
grype sbom:myapp.spdx -o json
# Snyk - test every project found under the current directory
snyk test --all-projects
```
Related
- DevSecOps — Shift-left security
- Incident Response — AppSec incident response