Security

I’m excited to be speaking at NDC Security 2026 in Oslo, March 2-5! I’ll be presenting MITRE ATT&CK for Developers — showing how developers can go beyond the OWASP Top 10 and use the ATT&CK framework to think like attackers and build stronger defenses.

Most developers know the OWASP Top 10, but fewer know MITRE ATT&CK. OWASP tells you what can break. ATT&CK tells you how attackers actually operate. Together, they give you a complete picture of application security. I’ll be presenting this topic at NDC Security 2026 in Oslo, March 2-5. If you’re attending, come check out my talk — MITRE ATT&CK for Developers — on Wednesday, March 4 at 10:20.

This is part 5 of the Secure Terraform series. You can read the series of articles here: Secure Terraform - Part 1 - tfsec Secure Terraform - Part 2 - tfsec customization Secure Terraform - Part 3 - terrascan Secure Terraform - Part 4 - checkov Secure Terraform - Part 5 - terraform state Introduction # Terraform is an immensely popular Infrastructure as Code (IaC) tool that allows you to manage and provision infrastructure resources using configuration files and automation tools.

This is part 4 of the Secure Terraform series. You can read the series of articles here: Secure Terraform - Part 1 - tfsec Secure Terraform - Part 2 - tfsec customization Secure Terraform - Part 3 - terrascan Secure Terraform - Part 4 - checkov Secure Terraform - Part 5 - terraform state Introduction # In this fourth installment of our Secure Terraform series, we’ll discuss Checkov, a powerful open-source static code analysis tool supported by Bridgecrew. Checkov supports Terraform, Kubernetes, Dockerfiles, AWS CloudFormation, and other Infrastructure as Code (IaC) frameworks. It focuses on security best practices, policy compliance, and industry standards. You can find Checkov’s documentation and samples at https://www.checkov.io/.

This is part 3 of the Secure Terraform series. You can read the series of articles here: Secure Terraform - Part 1 - tfsec Secure Terraform - Part 2 - tfsec customization Secure Terraform - Part 3 - terrascan Secure Terraform - Part 4 - checkov Secure Terraform - Part 5 - terraform state Introduction # Terrascan is another great tool for terraform security from tenable.

This is part 2 of the Secure Terraform series. You can read the series of articles here: Secure Terraform - Part 1 - tfsec Secure Terraform - Part 2 - tfsec customization Secure Terraform - Part 3 - terrascan Secure Terraform - Part 4 - checkov Secure Terraform - Part 5 - terraform state Introduction # In the previous article, we discussed tfsec, a static code analysis tool for Terraform. We also learned how to use it in VSCode and GitHub Actions to scan our Terraform code. We learned how to override the severity of rules. In this article, we will learn how to customize the rules and add our own rules.