Tag: DevSecOps

Browse all articles, tutorials, and guides about DevSecOps

Guides

Code Review for Security

Learn to identify security vulnerabilities during code reviews. Master security-focused review techniques, common vulnerability patterns, and effective feedback strategies.

Cryptography Essentials

Master the cryptographic fundamentals every DevOps engineer needs: symmetric and asymmetric encryption, hashing algorithms, TLS/SSL certificates, and Public Key Infrastructure (PKI).

CI/CD Pipeline Hardening

Learn to secure your CI/CD pipelines against supply chain attacks. Master runner isolation, artifact signing, configuration security, and pipeline-as-code best practices.

Pre-commit Hooks for Security

Implement security checks before code is committed using git hooks. Learn gitleaks, detect-secrets, and the pre-commit framework to catch vulnerabilities early.

Static Application Security Testing (SAST)

Master Static Application Security Testing (SAST) with SonarQube, Semgrep, and CodeQL. Learn to detect vulnerabilities in source code before they reach production.

Secure Coding Practices

Learn essential secure coding practices for DevOps: input validation, output encoding, error handling, secure defaults, and defense in depth for web applications and APIs.

Threat Modeling

Master threat modeling methodologies including STRIDE, DREAD, and attack trees. Learn to identify, analyze, and prioritize security threats in your systems with practical exercises.

OWASP Top 10

Learn about the OWASP Top 10 web application security risks. Understand each vulnerability, see real-world examples, and learn how to prevent them in your applications.

Security Principles

Master the fundamental security principles every DevSecOps engineer needs to know. Learn CIA Triad, Defense in Depth, Least Privilege, and Zero Trust concepts with practical examples.